PC disinfection, computer speed-up, remote help via the neslape.cz service

Virus qtipr.com

Have a problem with a virus? Post an FRST or RSIT log here.


Forum rules
If you want help, post an FRST log [guide here] or an RSIT log [guide here]

Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

NEW!
A remote help service is now available: a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Virus qtipr.com

#1 Post by Jenda939 »

Hello, I have a problem with the qtipr.com virus. This malicious page appears whenever I open my web browsers (Chrome and Firefox), which then do not work as they should, and after a while the PC freezes completely. I did a complete uninstall and a fresh reinstall of the browsers and it did not help. Here is my RSIT log. Thank you very much for your help.

Logfile of random's system information tool 1.10 (written by random/random)
Run by DOMA at 2017-02-21 10:34:46
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 10 GB (10%) free of 100 GB
Total RAM: 4095 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:49, on 21.2.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\DOMA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files (x86)\LightComp eDoklady Skenováni\iehelper.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10891 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"taskhost.exe"
C:\Windows\system32\hasplms.exe -run
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
WLIDSvcM.exe 2988
"C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
\??\C:\Windows\system32\conhost.exe "1798290302-1897071072351201610-13971744171648332179-6450272441092493024-1728803398
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet 6500 E709n Series#1400136996" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files\Mozilla Firefox\firefox.exe" http://qtipr.com/
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.0.1939869545\1520939795" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled

"C:\Users\DOMA\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll


C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-04 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-04 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-11-14 2397120]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-11-14 1767712]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-12-17 50378880]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [2016-10-27 568904]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08 9363672]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-02-20 13:07:56 ----D---- C:\Program Files (x86)\Seznam.cz
2017-02-18 20:12:59 ----D---- C:\Users\DOMA\AppData\Roaming\Mozilla
2017-02-18 20:12:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 20:12:41 ----D---- C:\Program Files\Mozilla Firefox
2017-02-18 20:05:33 ----D---- C:\Program Files\CCleaner
2017-02-18 17:48:29 ----D---- C:\ProgramData\VS Revo Group
2017-02-18 17:48:28 ----A---- C:\Windows\system32\drivers\revoflt.sys
2017-02-18 17:48:27 ----D---- C:\Program Files\VS Revo Group
2017-02-14 12:33:50 ----SHD---- C:\$RECYCLE.BIN
2017-02-14 12:33:20 ----A---- C:\ComboFix.txt
2017-02-14 12:12:02 ----A---- C:\Windows\zip.exe
2017-02-14 12:12:02 ----A---- C:\Windows\SWSC.exe
2017-02-14 12:12:02 ----A---- C:\Windows\SWREG.exe
2017-02-14 12:12:02 ----A---- C:\Windows\sed.exe
2017-02-14 12:12:02 ----A---- C:\Windows\PEV.exe
2017-02-14 12:12:02 ----A---- C:\Windows\NIRCMD.exe
2017-02-14 12:12:02 ----A---- C:\Windows\MBR.exe
2017-02-14 12:12:02 ----A---- C:\Windows\grep.exe
2017-02-14 12:11:00 ----D---- C:\Qoobox
2017-02-14 12:10:39 ----D---- C:\Windows\erdnt
2017-02-13 13:08:14 ----D---- C:\zoek
2017-02-13 09:38:00 ----A---- C:\runcheck.txt
2017-02-12 17:20:38 ----D---- C:\zoek_backup
2017-02-12 17:02:51 ----D---- C:\Program Files (x86)\MozBackup
2017-02-12 16:17:14 ----D---- C:\Users\DOMA\AppData\Roaming\Navigator
2017-02-12 16:01:52 ----D---- C:\AdwCleaner
2017-02-10 10:08:20 ----D---- C:\Program Files\trend micro
2017-02-10 10:08:19 ----D---- C:\rsit
2017-02-06 09:42:37 ----D---- C:\Program Files\Common Files\i45pc5hk
2017-02-06 09:05:04 ----D---- C:\Windows\IObit
2017-02-06 09:05:02 ----D---- C:\ProgramData\IObit
2017-02-06 09:05:01 ----A---- C:\Windows\SYSWOW64\drivers\HWiNFO64A.SYS
2017-02-06 09:04:56 ----D---- C:\Program Files (x86)\IObit
2017-02-06 09:04:55 ----D---- C:\Users\DOMA\AppData\Roaming\IObit
2017-02-06 08:42:31 ----D---- C:\Program Files\Common Files\mcb041bp
2017-02-06 08:21:19 ----D---- C:\Users\DOMA\AppData\Roaming\Obsidium
2017-02-06 08:12:35 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-02-06 08:12:26 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-02-06 08:12:26 ----A---- C:\Windows\system32\drivers\farflt.sys
2017-02-06 08:12:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-02-06 08:12:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-02-06 08:11:58 ----A---- C:\Windows\system32\drivers\mbae64.sys
2017-02-06 08:11:52 ----D---- C:\ProgramData\Malwarebytes
2017-02-06 08:11:52 ----D---- C:\Program Files\Malwarebytes
2017-02-05 20:56:07 ----D---- C:\Program Files\Common Files\sbfa0qq4
2017-02-05 19:56:03 ----D---- C:\Program Files\Common Files\ydw2ozcb
2017-02-05 18:56:02 ----D---- C:\Program Files\Common Files\10jyf5qy
2017-02-05 14:44:53 ----D---- C:\Program Files\Common Files\kfbm5m0m
2017-02-04 22:32:42 ----D---- C:\Program Files\Common Files\ockpd0hx
2017-02-04 21:32:42 ----D---- C:\Program Files\Common Files\g21yf11m
2017-02-04 20:32:41 ----D---- C:\Program Files\Common Files\rhhpclnq
2017-02-04 19:32:45 ----D---- C:\Program Files\Common Files\0xjxryrl
2017-02-04 18:33:12 ----D---- C:\Program Files\Common Files\lpuvjabs
2017-02-04 18:10:50 ----D---- C:\ProgramData\GridinSoft
2017-02-04 17:32:14 ----D---- C:\Program Files\Common Files\y01qrndf
2017-02-04 16:32:12 ----D---- C:\Program Files\Common Files\rzrjc5sh
2017-02-04 15:31:59 ----D---- C:\Program Files\BitTorrent
2017-02-04 15:26:01 ----D---- C:\Program Files\żěŃą
2017-02-04 15:25:43 ----D---- C:\Program Files (x86)\Maoha
2017-02-04 15:25:30 ----D---- C:\Users\DOMA\AppData\Roaming\UCChannel
2017-02-04 15:10:17 ----D---- C:\Program Files (x86)\Ashampoo
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\WUDFUpdate_01009.dll
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\winusbcoinstaller2.dll
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01009.dll
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\usbser.sys
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\hw_usbdev.sys
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\hw_quusbmdm.sys
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\hw_cdcacm.sys
2017-01-22 20:06:44 ----A---- C:\Windows\system32\drivers\ew_usbccgpfilter.sys
2017-01-22 20:06:27 ----D---- C:\Program Files (x86)\HiSuite

======List of files/folders modified in the last 1 month======

2017-02-21 10:34:48 ----D---- C:\Windows\Temp
2017-02-21 10:08:23 ----D---- C:\Windows\system32\config
2017-02-21 09:45:47 ----D---- C:\Windows\Prefetch
2017-02-21 09:43:02 ----SHD---- C:\System Volume Information
2017-02-21 09:36:25 ----D---- C:\ProgramData\NVIDIA
2017-02-20 20:13:43 ----D---- C:\Users\DOMA\AppData\Roaming\Seznam.cz
2017-02-20 16:12:44 ----D---- C:\Users\DOMA\AppData\Roaming\Skype
2017-02-20 13:17:03 ----SHD---- C:\Windows\Installer
2017-02-20 13:17:03 ----D---- C:\Config.Msi
2017-02-20 13:13:49 ----RD---- C:\Program Files (x86)
2017-02-20 13:13:37 ----D---- C:\Program Files (x86)\Google
2017-02-20 13:12:00 ----D---- C:\Windows\system32\Tasks
2017-02-18 20:12:41 ----RD---- C:\Program Files
2017-02-18 20:10:13 ----D---- C:\Windows
2017-02-18 20:06:21 ----D---- C:\Users\DOMA\AppData\Roaming\TeamViewer
2017-02-18 20:06:19 ----D---- C:\Windows\Panther
2017-02-18 20:06:19 ----D---- C:\Windows\inf
2017-02-18 20:06:18 ----D---- C:\Windows\Minidump
2017-02-18 20:06:18 ----D---- C:\Windows\Logs
2017-02-18 20:06:18 ----D---- C:\Windows\debug
2017-02-18 19:28:38 ----D---- C:\ProgramData
2017-02-18 17:48:32 ----D---- C:\Windows\system32\drivers
2017-02-18 10:47:49 ----D---- C:\Windows\System32
2017-02-18 10:47:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-15 08:29:59 ----D---- C:\Windows\system32\NDF
2017-02-14 19:57:16 ----D---- C:\Windows\SysWOW64
2017-02-14 19:57:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-02-14 19:57:12 ----D---- C:\Windows\system32\Macromed
2017-02-14 19:57:10 ----D---- C:\Windows\SYSWOW64\Macromed
2017-02-14 12:23:47 ----A---- C:\Windows\system.ini
2017-02-14 12:23:28 ----D---- C:\Windows\system32\drivers\etc
2017-02-14 12:17:18 ----D---- C:\Windows\SYSWOW64\drivers
2017-02-14 12:17:18 ----D---- C:\Windows\AppPatch
2017-02-14 12:17:17 ----D---- C:\Program Files (x86)\Common Files
2017-02-13 10:02:46 ----D---- C:\Windows\system32\GroupPolicy
2017-02-13 10:02:45 ----D---- C:\Users\DOMA\AppData\Roaming\Fighters
2017-02-13 10:02:45 ----D---- C:\ProgramData\Fighters
2017-02-13 10:02:45 ----D---- C:\Program Files (x86)\Fighters
2017-02-12 15:42:52 ----D---- C:\Windows\Tasks
2017-02-07 11:33:33 ----D---- C:\Program Files (x86)\SumatraPDF
2017-02-07 11:32:28 ----D---- C:\Program Files (x86)\PhotoScape
2017-02-07 11:24:57 ----D---- C:\Program Files (x86)\Blazers
2017-02-06 19:28:35 ----D---- C:\Windows\system32\catroot2
2017-02-06 11:42:29 ----AD---- C:\ProgramData\TEMP
2017-02-06 09:42:37 ----D---- C:\Program Files\Common Files
2017-02-06 09:04:45 ----D---- C:\Users\DOMA\AppData\Roaming\Adobe
2017-02-04 15:26:45 ----SD---- C:\ProgramData\Microsoft
2017-02-04 15:10:24 ----D---- C:\ProgramData\Ashampoo
2017-01-22 20:06:44 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-27 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-02-06 27552]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2015-09-24 109200]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2015-09-24 205528]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2015-09-24 350552]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-02-15 176584]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér; C:\Windows\system32\DRIVERS\l160x64.sys [2009-06-25 58368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-02-21 251848]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-14 27584]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-11-14 56384]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 44320]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 andnetadb;ADB Interface DriverNet; C:\Windows\System32\Drivers\lgandnetadb.sys []
S3 AndnetBus;LGE Mobile USB Composite Device; C:\Windows\system32\DRIVERS\lgandnetbus64.sys []
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys []
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
S3 ew_usbccgpfilter;HwHandSet_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbccgpfilter.sys [2016-11-25 18816]
S3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-02-19 43968]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2016-12-16 40984]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-11-14 1163712]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2015-09-24 4665168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-11-25 192200]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 4355024]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-11-14 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-11-14 2521024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-10-09 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-11-14 3632576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20 153752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20 153752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-25 196040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: qtipr.com virus

#2 Post by altrok »

Have a nice day :bye:

:arrow: Is this OS legal? It really is not common for an ordinary home user to buy the top-tier license with features they will not use, instead of the ordinary Home Premium license, which costs half as much :shock:

:arrow: Please also post the log C:\ComboFix.txt - I would also point you to the forum rules, especially point 3 http://forum.viry.cz/viewtopic.php?f=12&t=5601
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

Spency
Visitor
Posts: 1
Registered: 22 Feb 2017 08:07

Re: qtipr.com virus

#3 Post by Spency »

The computer must be infected with some malware, so reinstalling the browser is pointless.
You have to find the malware and remove it. If you don't know how, you will find it on this site: hxxp://www.icleansoftware.com/easy-way-to-remo ... fected-pc/
Last edited by altrok on 22 Feb 2017 16:02, edited 1 time in total.
Reason: link disabled

Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Re: qtipr.com virus

#4 Post by Jenda939 »

Hello, yes, the OS is legal. Anyway, I'm adding the ComboFix log. Thanks for the help.

ComboFix 17-01-29.01 - DOMA 22.02.2017 12:38:07.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.3081 [GMT 1:00]
Spuštěný z: c:\users\DOMA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-22 do 2017-02-22 )))))))))))))))))))))))))))))))
.
.
2017-02-22 11:46 . 2017-02-22 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-21 08:43 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F75B768F-8DAA-400F-915B-EEA0C33115C7}\mpengine.dll
2017-02-20 12:11 . 2017-02-20 12:21 -------- d-----w- c:\users\DOMA\AppData\Local\Google
2017-02-20 12:07 . 2017-02-20 12:11 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-02-18 19:12 . 2017-02-18 19:19 -------- d-----w- c:\users\DOMA\AppData\Local\Mozilla
2017-02-18 19:12 . 2017-02-19 20:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2017-02-18 19:12 . 2017-02-19 20:26 -------- d-----w- c:\program files\Mozilla Firefox
2017-02-18 19:05 . 2017-02-18 19:05 -------- d-----w- c:\program files\CCleaner
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\users\DOMA\AppData\Local\VS Revo Group
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\programdata\VS Revo Group
2017-02-18 16:48 . 2016-12-16 07:53 40984 ----a-w- c:\windows\system32\drivers\revoflt.sys
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\program files\VS Revo Group
2017-02-14 11:10 . 2017-02-14 11:10 -------- d-----w- c:\users\DOMA\AppData\Local\GHISLER
2017-02-13 12:08 . 2017-02-13 12:08 -------- d-----w- C:\zoek
2017-02-12 16:02 . 2017-02-12 16:02 -------- d-----w- c:\program files (x86)\MozBackup
2017-02-12 15:17 . 2017-02-12 15:17 -------- d-----w- c:\users\DOMA\AppData\Roaming\Navigator
2017-02-12 15:01 . 2017-02-21 08:47 -------- d-----w- C:\AdwCleaner
2017-02-10 09:08 . 2017-02-21 09:34 -------- d-----w- c:\program files\trend micro
2017-02-10 09:08 . 2017-02-11 19:07 -------- d-----w- C:\rsit
2017-02-06 10:53 . 2017-02-06 10:53 -------- d-----w- c:\users\DOMA\AppData\Local\ESET
2017-02-06 08:42 . 2017-02-06 08:42 -------- d-----w- c:\program files\Common Files\i45pc5hk
2017-02-06 08:05 . 2017-02-06 08:05 -------- d-----w- c:\windows\IObit
2017-02-06 08:05 . 2017-02-06 08:05 -------- d-----w- c:\programdata\IObit
2017-02-06 08:05 . 2017-02-06 08:05 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2017-02-06 08:04 . 2017-02-06 08:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-06 08:04 . 2017-02-06 08:04 -------- d-----w- c:\users\DOMA\AppData\Roaming\IObit
2017-02-06 07:42 . 2017-02-07 08:35 -------- d-----w- c:\program files\Common Files\mcb041bp
2017-02-06 07:21 . 2017-02-06 07:21 -------- d-----w- c:\users\DOMA\AppData\Roaming\Obsidium
2017-02-06 07:12 . 2017-02-15 07:26 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-06 07:12 . 2017-02-14 07:53 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-06 07:12 . 2017-02-14 07:53 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-06 07:12 . 2017-02-19 20:32 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-06 07:12 . 2017-02-22 06:42 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-06 07:11 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-06 07:11 . 2017-02-06 07:23 -------- d-----w- c:\programdata\Malwarebytes
2017-02-06 07:11 . 2017-02-06 07:11 -------- d-----w- c:\program files\Malwarebytes
2017-02-05 19:56 . 2017-02-05 19:56 -------- d-----w- c:\program files\Common Files\sbfa0qq4
2017-02-05 18:56 . 2017-02-05 18:56 -------- d-----w- c:\program files\Common Files\ydw2ozcb
2017-02-05 17:56 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\10jyf5qy
2017-02-05 13:44 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\kfbm5m0m
2017-02-04 21:32 . 2017-02-07 08:26 -------- d-----w- c:\program files\Common Files\ockpd0hx
2017-02-04 20:32 . 2017-02-04 20:32 -------- d-----w- c:\program files\Common Files\g21yf11m
2017-02-04 19:32 . 2017-02-04 19:32 -------- d-----w- c:\program files\Common Files\rhhpclnq
2017-02-04 18:32 . 2017-02-06 18:34 -------- d-----w- c:\program files\Common Files\0xjxryrl
2017-02-04 17:33 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\lpuvjabs
2017-02-04 17:10 . 2017-02-04 17:10 -------- d-----w- c:\programdata\GridinSoft
2017-02-04 16:32 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\y01qrndf
2017-02-04 15:32 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\rzrjc5sh
2017-02-04 14:34 . 2017-02-04 14:34 -------- d-----w- c:\users\DOMA\AppData\Local\AdvinstAnalytics
2017-02-04 14:31 . 2017-02-07 19:15 -------- d-----w- c:\program files\BitTorrent
2017-02-04 14:26 . 2017-02-04 14:26 -------- d-----w- c:\program files\żěŃą
2017-02-04 14:25 . 2017-02-04 14:25 -------- d-----w- c:\program files (x86)\Maoha
2017-02-04 14:25 . 2017-02-04 14:27 -------- d-----w- c:\users\DOMA\AppData\Roaming\UCChannel
2017-02-04 14:22 . 2017-02-04 14:23 -------- d-----w- c:\users\Default\AppData\Local\AdvinstAnalytics
2017-02-04 14:10 . 2017-02-04 14:10 -------- d-----w- c:\program files (x86)\Ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-14 18:57 . 2014-04-21 08:32 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 18:57 . 2014-04-21 08:32 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-11 20:47 . 2014-04-30 13:23 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-11 18:30 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-11 18:30 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-11 18:30 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-11 18:30 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-11 18:30 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-11 18:30 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-11 18:30 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 18:30 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-11 18:30 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-11 18:30 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-11 18:30 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-11 18:30 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-11 18:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-11 18:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-11 18:30 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-11 18:30 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-11 18:30 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-11 18:30 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-11 18:30 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-11 18:30 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-11 18:30 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 18:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-11 18:30 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 18:30 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-11 18:30 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-11 18:30 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-11 18:30 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 18:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-11 18:30 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 18:30 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-11 18:30 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-11 18:29 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-11 18:29 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-11 18:30 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-11 18:30 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-11 18:30 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-11 18:30 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-11 18:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-11 18:30 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-11 18:30 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-11 18:30 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-11 18:30 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-11 18:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-11 18:30 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-25 06:15 . 2017-01-22 19:06 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2016-11-25 06:15 . 2017-01-22 19:06 287232 ----a-w- c:\windows\system32\drivers\hw_quusbnet.sys
2016-11-25 06:15 . 2017-01-22 19:06 223232 ----a-w- c:\windows\system32\drivers\hw_quusbmdm.sys
2016-11-25 06:15 . 2017-01-22 19:06 2152176 ----a-w- c:\windows\system32\drivers\WUDFUpdate_01009.dll
2016-11-25 06:15 . 2017-01-22 19:06 18816 ----a-w- c:\windows\system32\drivers\ew_usbccgpfilter.sys
2016-11-25 06:15 . 2017-01-22 19:06 1721576 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2016-11-25 06:15 . 2017-01-22 19:06 126592 ----a-w- c:\windows\system32\drivers\hw_cdcacm.sys
2016-11-25 06:15 . 2017-01-22 19:06 116864 ----a-w- c:\windows\system32\drivers\hw_usbdev.sys
2016-11-25 06:15 . 2017-01-22 19:06 1002728 ----a-w- c:\windows\system32\drivers\winusbcoinstaller2.dll
2016-11-25 06:15 . 2014-06-09 19:44 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-17 50378880]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE" [2016-10-27 568904]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
c:\users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2014-4-22 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetbus64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21 18:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-11-14 2397120]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-11-14 1767712]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files (x86)\LightComp eDoklady Skenováni\iehelper.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-02-22 12:50:23
ComboFix-quarantined-files.txt 2017-02-22 11:50
ComboFix2.txt 2017-02-14 11:33
.
Před spuštěním: 9 582 596 096
Po spuštění: 9 541 701 632
.
- - End Of File - - A0FE72F42478E9F60831E9DC192C7F51
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: qtipr.com virus

#5 Post by altrok »

Spency wrote: The computer must be infected with some malware, so reinstalling the browser is pointless. You have to find the malware and remove it. If you don't know how, you will find it on these pages: hxxp://www.icleansoftware.com/easy-way-to-remo ... fected-pc/

Good day Spency,
please read through the rules for cooperating helpers, especially the cases in which help must not be given. Moreover, your advice is completely inadequate, because this particular computer is very thoroughly infected and I am sure that the guide you provided will not fully solve the problem.

Jenda939, I wanted the log from the first run of ComboFix from you, not for you to run ComboFix a second time. ComboFix is not an ordinary scanning utility but an aggressive anti-malware tool.
:arrow: If you have not done so yet, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it to the desktop as CFScript (File type: Text document)

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry sorts itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after applying the script. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our training school.
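An added example for the procedure above (not code from this thread, from ComboFix or from the forum's own tools): a Python script that reads the locked-keys section of a ComboFix log and emits the same RegLock:: list that altrok assembled by hand, so that every key ComboFix printed with an @Denied line, and only those keys, ends up in CFScript.txt. The log excerpt is constructed from the log posted earlier in the thread; the English header "LOCKED REGISTRY KEYS" is assumed from the English ComboFix build.

```python
"""Build the RegLock:: section of a ComboFix CFScript from the locked-keys
section of a ComboFix log (added example; not part of ComboFix or the forum)."""
from typing import List

# Section header as printed by the Czech ComboFix build (seen in the log above)
# and, assumed, by the English build.
LOCKED_SECTION_HEADERS = ("ZAMKNUTÉ KLÍČE V REGISTRU", "LOCKED REGISTRY KEYS")

# Constructed excerpt in the shape of the log posted above. Only keys that
# carry an @Denied line are locked; their subkeys (e.g. \Elevation) are not.
SAMPLE_LOG = r"""
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-02-22 12:50:23
"""


def locked_keys(log_text: str) -> List[str]:
    """Return the registry keys that carry an @Denied line in the locked-keys
    section, in log order and without duplicates."""
    lines = log_text.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if any(h in line for h in LOCKED_SECTION_HEADERS)), None)
    if start is None:
        return []

    keys: List[str] = []
    current = None   # key block currently being read, e.g. "[HKEY_LOCAL_MACHINE\...]"
    denied = False   # whether that block contained an @Denied line
    for raw in lines[start + 1:]:
        line = raw.rstrip()
        if line.startswith("["):              # a new key block begins
            if current and denied and current not in keys:
                keys.append(current)
            current, denied = line, False
        elif line.startswith("@Denied:"):     # ComboFix reports a deny ACE here
            denied = True
        elif line in ("", "."):               # block separator
            continue
        elif line.startswith(("@", '"')):     # default / named value line
            continue
        else:                                 # any other text ends the section
            break
    if current and denied and current not in keys:
        keys.append(current)
    return keys


def build_cfscript(keys: List[str], clear_java_cache: bool = True) -> str:
    """Assemble a CFScript with the directives used in the post above."""
    body = ["KillAll::", "", "RegLock::", *keys, ""]
    if clear_java_cache:
        body += ["ClearJavaCache::", ""]
    body.append("Reboot::")
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    # Save this output as CFScript.txt on the desktop and drag it onto ComboFix.
    print(build_cfscript(locked_keys(SAMPLE_LOG)), end="")
```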

Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Re: qtipr.com virus

#6 Post by Jenda939 »

Hello, I am adding the ComboFix log. Thank you for the help.

ComboFix 17-01-29.01 - DOMA 23.02.2017 12:52:03.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.3155 [GMT 1:00]
Spuštěný z: c:\users\DOMA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DOMA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-23 do 2017-02-23 )))))))))))))))))))))))))))))))
.
.
2017-02-23 12:00 . 2017-02-23 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-21 08:43 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F75B768F-8DAA-400F-915B-EEA0C33115C7}\mpengine.dll
2017-02-20 12:11 . 2017-02-20 12:21 -------- d-----w- c:\users\DOMA\AppData\Local\Google
2017-02-20 12:07 . 2017-02-20 12:11 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-02-18 19:12 . 2017-02-18 19:19 -------- d-----w- c:\users\DOMA\AppData\Local\Mozilla
2017-02-18 19:12 . 2017-02-19 20:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2017-02-18 19:12 . 2017-02-19 20:26 -------- d-----w- c:\program files\Mozilla Firefox
2017-02-18 19:05 . 2017-02-18 19:05 -------- d-----w- c:\program files\CCleaner
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\users\DOMA\AppData\Local\VS Revo Group
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\programdata\VS Revo Group
2017-02-18 16:48 . 2016-12-16 07:53 40984 ----a-w- c:\windows\system32\drivers\revoflt.sys
2017-02-18 16:48 . 2017-02-18 16:48 -------- d-----w- c:\program files\VS Revo Group
2017-02-14 11:10 . 2017-02-14 11:10 -------- d-----w- c:\users\DOMA\AppData\Local\GHISLER
2017-02-13 12:08 . 2017-02-13 12:08 -------- d-----w- C:\zoek
2017-02-12 16:02 . 2017-02-12 16:02 -------- d-----w- c:\program files (x86)\MozBackup
2017-02-12 15:17 . 2017-02-12 15:17 -------- d-----w- c:\users\DOMA\AppData\Roaming\Navigator
2017-02-12 15:01 . 2017-02-21 08:47 -------- d-----w- C:\AdwCleaner
2017-02-10 09:08 . 2017-02-21 09:34 -------- d-----w- c:\program files\trend micro
2017-02-10 09:08 . 2017-02-11 19:07 -------- d-----w- C:\rsit
2017-02-06 10:53 . 2017-02-06 10:53 -------- d-----w- c:\users\DOMA\AppData\Local\ESET
2017-02-06 08:42 . 2017-02-06 08:42 -------- d-----w- c:\program files\Common Files\i45pc5hk
2017-02-06 08:05 . 2017-02-06 08:05 -------- d-----w- c:\windows\IObit
2017-02-06 08:05 . 2017-02-06 08:05 -------- d-----w- c:\programdata\IObit
2017-02-06 08:05 . 2017-02-06 08:05 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2017-02-06 08:04 . 2017-02-06 08:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-06 08:04 . 2017-02-06 08:04 -------- d-----w- c:\users\DOMA\AppData\Roaming\IObit
2017-02-06 07:42 . 2017-02-07 08:35 -------- d-----w- c:\program files\Common Files\mcb041bp
2017-02-06 07:21 . 2017-02-06 07:21 -------- d-----w- c:\users\DOMA\AppData\Roaming\Obsidium
2017-02-06 07:12 . 2017-02-15 07:26 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-06 07:12 . 2017-02-14 07:53 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-06 07:12 . 2017-02-14 07:53 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-06 07:12 . 2017-02-19 20:32 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-06 07:12 . 2017-02-23 12:02 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-06 07:11 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-06 07:11 . 2017-02-06 07:23 -------- d-----w- c:\programdata\Malwarebytes
2017-02-06 07:11 . 2017-02-06 07:11 -------- d-----w- c:\program files\Malwarebytes
2017-02-05 19:56 . 2017-02-05 19:56 -------- d-----w- c:\program files\Common Files\sbfa0qq4
2017-02-05 18:56 . 2017-02-05 18:56 -------- d-----w- c:\program files\Common Files\ydw2ozcb
2017-02-05 17:56 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\10jyf5qy
2017-02-05 13:44 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\kfbm5m0m
2017-02-04 21:32 . 2017-02-07 08:26 -------- d-----w- c:\program files\Common Files\ockpd0hx
2017-02-04 20:32 . 2017-02-04 20:32 -------- d-----w- c:\program files\Common Files\g21yf11m
2017-02-04 19:32 . 2017-02-04 19:32 -------- d-----w- c:\program files\Common Files\rhhpclnq
2017-02-04 18:32 . 2017-02-06 18:34 -------- d-----w- c:\program files\Common Files\0xjxryrl
2017-02-04 17:33 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\lpuvjabs
2017-02-04 17:10 . 2017-02-04 17:10 -------- d-----w- c:\programdata\GridinSoft
2017-02-04 16:32 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\y01qrndf
2017-02-04 15:32 . 2017-02-06 18:37 -------- d-----w- c:\program files\Common Files\rzrjc5sh
2017-02-04 14:34 . 2017-02-04 14:34 -------- d-----w- c:\users\DOMA\AppData\Local\AdvinstAnalytics
2017-02-04 14:31 . 2017-02-07 19:15 -------- d-----w- c:\program files\BitTorrent
2017-02-04 14:26 . 2017-02-04 14:26 -------- d-----w- c:\program files\żěŃą
2017-02-04 14:25 . 2017-02-04 14:25 -------- d-----w- c:\program files (x86)\Maoha
2017-02-04 14:25 . 2017-02-04 14:27 -------- d-----w- c:\users\DOMA\AppData\Roaming\UCChannel
2017-02-04 14:22 . 2017-02-04 14:23 -------- d-----w- c:\users\Default\AppData\Local\AdvinstAnalytics
2017-02-04 14:10 . 2017-02-04 14:10 -------- d-----w- c:\program files (x86)\Ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-14 18:57 . 2014-04-21 08:32 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 18:57 . 2014-04-21 08:32 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-11 20:47 . 2014-04-30 13:23 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-11 18:30 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-11 18:30 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-11 18:30 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-11 18:30 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-11 18:30 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-11 18:30 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-11 18:30 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 18:30 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-11 18:30 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-11 18:30 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-11 18:30 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-11 18:30 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-11 18:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-11 18:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-11 18:30 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-11 18:30 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-11 18:30 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-11 18:30 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-11 18:30 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-11 18:30 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-11 18:30 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 18:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-11 18:30 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 18:30 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-11 18:30 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-11 18:30 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-11 18:30 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 18:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-11 18:30 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 18:30 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-11 18:30 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-11 18:29 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-11 18:29 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-11 18:30 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-11 18:30 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-11 18:30 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-11 18:30 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-11 18:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-11 18:30 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-11 18:30 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-11 18:30 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-11 18:30 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-11 18:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-11 18:30 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-17 50378880]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE" [2016-10-27 568904]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
c:\users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2014-4-22 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetbus64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21 18:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-11-14 2397120]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-11-14 1767712]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files (x86)\LightComp eDoklady Skenováni\iehelper.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Celkový čas: 2017-02-23 13:07:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-02-23 12:07
ComboFix2.txt 2017-02-22 11:50
ComboFix3.txt 2017-02-14 11:33
.
Před spuštěním: Volných bajtů: 10 460 921 856
Po spuštění: Volných bajtů: 10 251 120 640
.
- - End Of File - - 0C79708F72A30309E940DAF4E4FFBE3D
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: qtipr.com virus

#7 Post by altrok »

:arrow: Save AdwCleaner to the desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
  • click Scan, then Clean
  • after the restart a log will pop up (or you will find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Re: qtipr.com virus

#8 Post by Jenda939 »

Hello, I am adding the AdwCleaner log. After running it there was a change: the Firefox browser icon changed, and when it is opened it cannot find firefox.exe. Also, in Firefox I cannot open the browser settings; a page with an invalid address opens instead. When opening Chrome an error pops up: (Failed to load extension from the following location: C:\User\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk. Manifest file is missing or unreadable.) Thank you for the help.

# AdwCleaner v6.043 - Log vytvořen 25/02/2017 v 09:47:24
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-24.1 [Server]
# Operační systém : Windows 7 Ultimate Service Pack 1 (X64)
# Uživatelské jméno : DOMA - DOMA-PC
# Spuštěno z : C:\Users\DOMA\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk


***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\BSD
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\BSD
[-] Klíč smazán: HKLM\SOFTWARE\BSD
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\BSD
[-] Hodnota smazána: HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [34279 Bajty] - [12/02/2017 16:12:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [2468 Bajty] - [25/02/2017 09:47:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [30029 Bajty] - [12/02/2017 16:08:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [3191 Bajty] - [21/02/2017 09:47:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [3454 Bajty] - [25/02/2017 09:43:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2761 Bajty] ##########

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: qtipr.com virus

#9 Post by altrok »

Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training course.

Jenda939
Guest
Posts: 20
Registered: 21 Feb 2017 10:23

Re: qtipr.com virus

#10 Post by Jenda939 »

Hello, I am attaching the FRST.txt log, and Addition.txt will follow in the next post. Thank you for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by DOMA (administrator) on DOMA-PC (27-02-2017 12:44:23)
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [568904 2016-10-27] (ZONER software)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-04-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2014-04-22]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-12-26]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3F7504C2-1AB7-4860-9282-9D115A4FA745}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-58790212-2234761543-3166528618-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-04] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pbbkeyzl.default
FF ProfilePath: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default [2017-02-27]
FF Extension: (Seznam lištička) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\features\{d97b6aa6-1c7c-4918-804b-22629ae6df92}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Prezentace Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-20]
CHR Extension: (Disk Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-20]
CHR Extension: (YouTube) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-20]
CHR Extension: (Gmail) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-10-09] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-27] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-06] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-27] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 12:44 - 2017-02-27 12:45 - 00017925 _____ C:\Users\DOMA\Desktop\FRST.txt
2017-02-27 12:44 - 2017-02-27 12:44 - 00000000 ____D C:\FRST
2017-02-27 12:38 - 2017-02-27 12:38 - 02423296 _____ (Farbar) C:\Users\DOMA\Desktop\FRST64.exe
2017-02-25 11:52 - 2017-02-27 12:36 - 00001466 _____ C:\Users\DOMA\Desktop\firefox – zástupce.lnk
2017-02-23 13:07 - 2017-02-23 13:07 - 00021105 _____ C:\ComboFix.txt
2017-02-23 12:46 - 2017-02-23 12:46 - 00000000 _____ C:\Users\DOMA\Desktop\Nový textový dokument (5).txt
2017-02-20 13:25 - 2017-02-20 13:27 - 47281448 _____ C:\Users\DOMA\Downloads\Firefox Setup 51.0.1.exe
2017-02-20 13:13 - 2017-02-27 12:36 - 00001496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-20 13:13 - 2017-02-27 12:36 - 00001484 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-20 13:12 - 2017-02-20 13:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-20 13:12 - 2017-02-20 13:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-20 13:11 - 2017-02-20 13:21 - 00000000 ____D C:\Users\DOMA\AppData\Local\Google
2017-02-20 13:08 - 2017-02-20 13:08 - 00003122 _____ C:\Windows\System32\Tasks\{A2948D34-1791-4987-8884-DB549DB0A8F9}
2017-02-20 13:07 - 2017-02-20 13:11 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-02-20 13:06 - 2017-02-20 13:09 - 01129376 _____ (Google Inc.) C:\Users\DOMA\Downloads\ChromeSetup.exe
2017-02-18 20:12 - 2017-02-27 12:36 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-18 20:12 - 2017-02-27 12:36 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-18 20:12 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-18 20:12 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 20:12 - 2017-02-18 20:19 - 00000000 ____D C:\Users\DOMA\AppData\Local\Mozilla
2017-02-18 20:12 - 2017-02-18 20:13 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Mozilla
2017-02-18 20:05 - 2017-02-18 20:05 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-18 20:05 - 2017-02-18 20:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-18 20:05 - 2017-02-18 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-18 20:05 - 2017-02-18 20:05 - 00000000 ____D C:\Program Files\CCleaner
2017-02-18 18:20 - 2017-02-18 18:23 - 47281448 _____ C:\Users\DOMA\Downloads\FirefoxSetup51.0.1cz64.exe
2017-02-18 17:48 - 2017-02-18 17:48 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\Users\DOMA\AppData\Local\VS Revo Group
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-18 17:48 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2017-02-18 17:47 - 2017-02-18 17:47 - 00000000 ____D C:\Users\DOMA\Downloads\zip001
2017-02-18 17:45 - 2017-02-18 17:46 - 11470252 _____ C:\Users\DOMA\Downloads\zip001.rar
2017-02-18 17:31 - 2017-02-18 17:32 - 09261616 _____ (Piriform Ltd) C:\Users\DOMA\Downloads\ccsetup527.exe
2017-02-14 12:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-14 12:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-14 12:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-14 12:11 - 2017-02-23 13:08 - 00000000 ____D C:\Qoobox
2017-02-14 12:10 - 2017-02-23 13:00 - 00000000 ____D C:\Windows\erdnt
2017-02-14 12:10 - 2017-02-14 12:10 - 00000000 ____D C:\Users\DOMA\AppData\Local\GHISLER
2017-02-14 12:09 - 2017-02-14 12:09 - 05659775 ____R (Swearware) C:\Users\DOMA\Desktop\ComboFix.exe
2017-02-13 13:08 - 2017-02-13 13:08 - 00000000 ____D C:\zoek
2017-02-13 09:38 - 2017-02-13 13:09 - 00002928 _____ C:\runcheck.txt
2017-02-12 17:46 - 2017-02-12 19:20 - 1340905472 _____ C:\Users\DOMA\Downloads\Detektiv-z-Hongkongu-2016-cz-dabing-super-komedie(Jackie-Chan).avi
2017-02-12 17:20 - 2017-02-13 10:02 - 00000000 ____D C:\zoek_backup
2017-02-12 17:19 - 2017-02-12 17:19 - 01309184 _____ C:\Users\DOMA\Desktop\zoek.exe
2017-02-12 17:03 - 2017-02-12 17:05 - 106086942 _____ C:\Users\DOMA\Documents\Firefox 51.0.1 (x86 cs) - 2017-02-12.pcv
2017-02-12 17:02 - 2017-02-12 17:02 - 00001027 _____ C:\Users\Public\Desktop\MozBackup.lnk
2017-02-12 17:02 - 2017-02-12 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2017-02-12 17:02 - 2017-02-12 17:02 - 00000000 ____D C:\Program Files (x86)\MozBackup
2017-02-12 17:01 - 2017-02-12 17:02 - 08479912 _____ C:\Users\DOMA\Downloads\MozBackup-1.5.1-EN.exe
2017-02-12 16:17 - 2017-02-12 16:17 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Navigator
2017-02-12 16:01 - 2017-02-25 09:47 - 00000000 ____D C:\AdwCleaner
2017-02-12 15:53 - 2017-02-12 15:54 - 04015056 _____ C:\Users\DOMA\Desktop\adwcleaner_6.043.exe
2017-02-12 15:46 - 2017-02-12 15:46 - 00012064 _____ C:\Users\DOMA\Desktop\JRT.txt
2017-02-12 15:41 - 2017-02-12 15:41 - 01663040 _____ (Malwarebytes) C:\Users\DOMA\Desktop\JRT.exe
2017-02-10 10:08 - 2017-02-21 10:34 - 00000000 ____D C:\Program Files\trend micro
2017-02-10 10:08 - 2017-02-11 20:07 - 00000000 ____D C:\rsit
2017-02-06 20:38 - 2017-02-06 20:38 - 00604928 _____ (Reimage) C:\Users\DOMA\Downloads\Nepotvrzeno 338031.crdownload
2017-02-06 11:53 - 2017-02-06 11:53 - 00000000 ____D C:\Users\DOMA\AppData\Local\ESET
2017-02-06 09:42 - 2017-02-06 09:42 - 00003388 _____ C:\Windows\System32\Tasks\r00y2roa
2017-02-06 09:42 - 2017-02-06 09:42 - 00000000 ____D C:\Program Files\Common Files\i45pc5hk
2017-02-06 09:20 - 2017-02-13 11:19 - 00000008 __RSH C:\Users\DOMA\ntuser.pol
2017-02-06 09:05 - 2017-02-06 09:06 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\IObit
2017-02-06 09:05 - 2017-02-06 09:05 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-06 09:05 - 2017-02-06 09:05 - 00000000 ____D C:\Windows\IObit
2017-02-06 09:05 - 2017-02-06 09:05 - 00000000 ____D C:\ProgramData\IObit
2017-02-06 09:04 - 2017-02-06 09:04 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\IObit
2017-02-06 09:04 - 2017-02-06 09:04 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-06 09:02 - 2017-02-06 09:02 - 00001374 ___RS C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk
2017-02-06 09:02 - 2017-02-06 09:02 - 00001200 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk
2017-02-06 09:02 - 2017-02-06 09:02 - 00001126 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
2017-02-06 08:42 - 2017-02-07 09:35 - 00000000 ____D C:\Program Files\Common Files\mcb041bp
2017-02-06 08:42 - 2017-02-06 08:42 - 00003388 _____ C:\Windows\System32\Tasks\tiu3kfw1
2017-02-06 08:21 - 2017-02-06 08:21 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Obsidium
2017-02-06 08:12 - 2017-02-27 07:36 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 08:12 - 2017-02-19 21:32 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-06 08:12 - 2017-02-15 08:26 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-06 08:12 - 2017-02-14 08:53 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-06 08:12 - 2017-02-14 08:53 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-06 08:12 - 2017-02-06 08:12 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-06 08:12 - 2017-02-06 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-06 08:11 - 2017-02-06 08:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-06 08:11 - 2017-02-06 08:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-06 08:11 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-05 20:56 - 2017-02-05 20:56 - 00003388 _____ C:\Windows\System32\Tasks\rmhjipz0
2017-02-05 20:56 - 2017-02-05 20:56 - 00000000 ____D C:\Program Files\Common Files\sbfa0qq4
2017-02-05 19:56 - 2017-02-05 19:56 - 00003388 _____ C:\Windows\System32\Tasks\mkcp0ved
2017-02-05 19:56 - 2017-02-05 19:56 - 00000000 ____D C:\Program Files\Common Files\ydw2ozcb
2017-02-05 18:56 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\10jyf5qy
2017-02-05 18:56 - 2017-02-05 18:56 - 00003388 _____ C:\Windows\System32\Tasks\abxn15ua
2017-02-05 14:44 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\kfbm5m0m
2017-02-05 14:44 - 2017-02-05 14:44 - 00003388 _____ C:\Windows\System32\Tasks\zw1ycnv1
2017-02-05 13:51 - 2017-02-05 15:12 - 952975660 _____ C:\Users\DOMA\Desktop\Drak-přichází-CZ-Dabing-Akční-_-Krimi,-Hong-Kong-_-USA,-1973-Bruce-Lee....ID_-154291.avi
2017-02-04 22:32 - 2017-02-07 09:26 - 00000000 ____D C:\Program Files\Common Files\ockpd0hx
2017-02-04 22:32 - 2017-02-04 22:32 - 00003388 _____ C:\Windows\System32\Tasks\zhnnhnyg
2017-02-04 21:32 - 2017-02-04 21:32 - 00003388 _____ C:\Windows\System32\Tasks\om12lg5g
2017-02-04 21:32 - 2017-02-04 21:32 - 00000000 ____D C:\Program Files\Common Files\g21yf11m
2017-02-04 20:32 - 2017-02-04 20:32 - 00003388 _____ C:\Windows\System32\Tasks\dhnwoesl
2017-02-04 20:32 - 2017-02-04 20:32 - 00000000 ____D C:\Program Files\Common Files\rhhpclnq
2017-02-04 19:32 - 2017-02-06 19:34 - 00000000 ____D C:\Program Files\Common Files\0xjxryrl
2017-02-04 19:32 - 2017-02-04 19:32 - 00003388 _____ C:\Windows\System32\Tasks\msl5nfjj
2017-02-04 18:33 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\lpuvjabs
2017-02-04 18:33 - 2017-02-04 18:33 - 00003388 _____ C:\Windows\System32\Tasks\oxv1syn1
2017-02-04 18:10 - 2017-02-04 18:10 - 00000000 ____D C:\ProgramData\GridinSoft
2017-02-04 17:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\y01qrndf
2017-02-04 17:32 - 2017-02-04 17:32 - 00003388 _____ C:\Windows\System32\Tasks\2foxr4mn
2017-02-04 16:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\rzrjc5sh
2017-02-04 16:32 - 2017-02-04 16:32 - 00003388 _____ C:\Windows\System32\Tasks\qd05qzsy
2017-02-04 15:34 - 2017-02-04 15:34 - 00000000 ____D C:\Users\DOMA\AppData\Local\AdvinstAnalytics
2017-02-04 15:31 - 2017-02-07 20:15 - 00000000 ____D C:\Program Files\BitTorrent
2017-02-04 15:31 - 2017-02-04 15:31 - 00041472 _____ C:\Users\DOMA\AppData\Local\Subelectrics.dat
2017-02-04 15:30 - 2017-02-04 15:30 - 01907391 _____ C:\Users\DOMA\AppData\Roaming\Yearlam.tst
2017-02-04 15:26 - 2017-02-04 15:26 - 00000000 ____D C:\Program Files\żěŃą
2017-02-04 15:25 - 2017-02-04 15:27 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\UCChannel
2017-02-04 15:25 - 2017-02-04 15:25 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-04 15:11 - 2017-02-04 15:11 - 00001461 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 14 Compact Mode.lnk
2017-02-04 15:11 - 2017-02-04 15:11 - 00001299 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 14.lnk
2017-02-04 15:11 - 2017-02-04 15:11 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-04 15:11 - 2017-02-04 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-04 15:10 - 2017-02-04 15:10 - 00000000 ____D C:\Program Files (x86)\Ashampoo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 12:44 - 2016-11-18 07:24 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\Mozilla
2017-02-27 11:55 - 2014-05-06 06:29 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-27 08:06 - 2015-12-21 18:39 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Skype
2017-02-27 07:47 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 07:47 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 07:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 07:34 - 2014-04-22 14:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 11:52 - 2014-04-18 13:00 - 00007607 _____ C:\Users\DOMA\AppData\Local\resmon.resmoncfg
2017-02-23 17:41 - 2014-04-30 14:23 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 17:40 - 2014-04-30 14:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 13:03 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-21 09:36 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-20 20:13 - 2016-05-16 11:38 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Seznam.cz
2017-02-20 13:13 - 2014-04-18 12:55 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-19 21:15 - 2014-04-18 08:47 - 00001429 ____H C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-18 20:06 - 2015-11-19 18:26 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\TeamViewer
2017-02-18 20:06 - 2014-09-16 19:37 - 00000000 ____D C:\Windows\Minidump
2017-02-18 20:06 - 2014-05-10 22:18 - 00000000 ____D C:\Users\DOMA\AppData\Local\CrashDumps
2017-02-18 20:06 - 2014-04-18 09:38 - 00000000 ____D C:\Windows\Panther
2017-02-18 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-18 19:21 - 2014-05-01 20:08 - 00002804 _____ C:\Users\DOMA\Desktop\Nový textový dokument.txt
2017-02-18 18:16 - 2015-05-06 20:28 - 00000831 ____H C:\Users\DOMA\Desktop\LGMobile Support Tool.lnk
2017-02-18 10:47 - 2009-07-14 16:18 - 00681390 _____ C:\Windows\system32\perfh005.dat
2017-02-18 10:47 - 2009-07-14 16:18 - 00148224 _____ C:\Windows\system32\perfc005.dat
2017-02-18 10:47 - 2009-07-14 06:13 - 01622780 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 08:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-14 19:57 - 2014-05-06 06:29 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 19:57 - 2014-04-21 09:32 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 19:57 - 2014-04-21 09:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 19:57 - 2014-04-21 09:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 19:57 - 2014-04-21 09:32 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 11:19 - 2014-04-18 08:46 - 00000000 ____D C:\Users\DOMA
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Fighters
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\Program Files (x86)\Fighters
2017-02-13 10:02 - 2014-04-30 13:21 - 00000000 ____D C:\ProgramData\Fighters
2017-02-13 10:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-02-07 11:33 - 2015-03-12 18:48 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2017-02-07 11:32 - 2015-03-05 20:06 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2017-02-07 11:24 - 2015-04-17 13:12 - 00000000 ____D C:\Program Files (x86)\Blazers
2017-02-07 09:23 - 2015-04-17 13:12 - 00000000 ____D C:\Users\DOMA\AppData\Local\cmsiex
2017-02-06 11:42 - 2014-05-04 08:09 - 00000000 ____D C:\ProgramData\TEMP
2017-02-06 09:04 - 2014-04-21 09:33 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Adobe
2017-02-06 09:02 - 2014-06-09 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2017-02-04 15:10 - 2014-04-28 13:01 - 00000000 ____D C:\ProgramData\Ashampoo

==================== Files in the root of some directories =======

2017-02-04 15:30 - 2017-02-04 15:30 - 1907391 _____ () C:\Users\DOMA\AppData\Roaming\Yearlam.tst
2016-10-10 07:35 - 2016-10-10 07:35 - 0000092 _____ () C:\Users\DOMA\AppData\Local\fusioncache.dat
2015-11-06 22:52 - 2015-11-06 22:52 - 0000218 _____ () C:\Users\DOMA\AppData\Local\recently-used.xbel
2014-04-18 13:00 - 2017-02-25 11:52 - 0007607 _____ () C:\Users\DOMA\AppData\Local\resmon.resmoncfg
2017-02-04 15:31 - 2017-02-04 15:31 - 0041472 _____ () C:\Users\DOMA\AppData\Local\Subelectrics.dat
2014-04-21 15:03 - 2015-12-19 04:37 - 0004818 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 13:07

==================== End of FRST.txt ============================
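
The indicators in these logs (system binaries that FRST's "Bamital & volsnap" section re-verifies, .lnk files whose names use Cyrillic homoglyphs and point at .bat files, browser shortcuts that add `--load-extension` and a qtipr.com start URL, scheduled tasks running random-named unsigned executables under Common Files, and a WMI ActiveScriptEventConsumer) can all be re-checked from an elevated PowerShell prompt. The script below is an added triage example; it is not part of this thread and is not FRST's own code. It assumes PowerShell 2.0 or later on the affected Windows 7 host, run as administrator; the folder list and the path patterns are taken from the indicators in the posted logs, not from any FRST documentation, and the output file name `triage.txt` is the author's choice.

```powershell
# Added triage script, not part of the thread or of FRST. Assumes an elevated
# PowerShell (2.0 or later) on the affected Windows 7 host; the paths and
# patterns below are taken from the indicators in the posted logs.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# 1. Re-verify the same system binaries FRST's "Bamital & volsnap" section checks.
$critical = @(
    "$env:SystemRoot\system32\winlogon.exe", "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\explorer.exe",          "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe", "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\User32.dll",   "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",   "$env:SystemRoot\system32\Drivers\volsnap.sys"
)
foreach ($f in $critical) {
    $sig = Get-AuthenticodeSignature -FilePath $f
    if ($sig.Status -ne 'Valid') { $findings += "SIGNATURE $($sig.Status): $f" }
}

# 2. Shortcuts: Cyrillic homoglyph names, script targets, and browsers started
#    with a sideloaded extension or a start URL (the qtipr.com pattern).
$shortcutRoots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
$wsh = New-Object -ComObject WScript.Shell
foreach ($lnkFile in Get-ChildItem -Path $shortcutRoots -Filter *.lnk -Recurse -Force) {
    $lnk       = $wsh.CreateShortcut($lnkFile.FullName)
    $target    = $lnk.TargetPath
    $arguments = $lnk.Arguments
    # Explorer renders these names as plain Latin; only a code-point check sees them.
    if ($lnkFile.BaseName -match '\p{IsCyrillic}') {
        $findings += "HOMOGLYPH NAME: $($lnkFile.FullName) -> $target"
    }
    if ($target -match '\.(bat|cmd|vbs|js|wsf)$') {
        $findings += "SCRIPT TARGET: $($lnkFile.FullName) -> $target"
    }
    if ($target -match '\\(chrome|firefox|iexplore)\.exe$' -and
        $arguments -match '--load-extension|https?://') {
        $findings += "HIJACKED LAUNCH: $($lnkFile.FullName) -> $target $arguments"
    }
}

# 3. Scheduled tasks whose action is an unsigned (or missing) executable under
#    Common Files, ProgramData or a user profile (the random-named tasks in the log).
$tasks = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }   # schtasks repeats header rows
    if ($t.'Task To Run' -match '([A-Za-z]:\\[^"]+?\.exe)') {
        $exe = $Matches[1]
        if ($exe -match '\\Common Files\\|\\ProgramData\\|\\Users\\' -and
            (Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
            $findings += "TASK $($t.TaskName) -> $exe (unsigned or missing)"
        }
    }
}

# 4. WMI permanent event consumers that run script
#    (what FRST reports as WMI_ActiveScriptEventConsumer_ASEC).
foreach ($c in Get-WmiObject -Namespace root\subscription -Class ActiveScriptEventConsumer) {
    $findings += "WMI ASEC: $($c.Name) [$($c.ScriptingEngine)] $($c.ScriptText)"
}

$findings | Tee-Object -FilePath "$env:USERPROFILE\Desktop\triage.txt"
```

Run it from an elevated console; the findings are echoed and saved to `triage.txt` on the desktop for posting. The homoglyph check matters because Explorer displays those `.lnk` names as ordinary "Google Chrome" or "Internet Explorer" entries, so the only way to catch them without FRST is to test the name's code points. Windows Defender is the only security product listed and the log reports the Windows Firewall as disabled, so re-enabling it belongs on the same to-do list as removing the tasks and consumers the script lists.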

Jenda939
Guest
Posts: 20
Registered: 21 Feb 2017 10:23

Re: Virus qtipr.com

#11 Post by Jenda939 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by DOMA (27-02-2017 12:45:52)
Running from C:\Users\DOMA\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-18 07:46:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-58790212-2234761543-3166528618-500 - Administrator - Disabled)
ASPNET (S-1-5-21-58790212-2234761543-3166528618-1002 - Limited - Enabled)
DOMA (S-1-5-21-58790212-2234761543-3166528618-1000 - Administrator - Enabled) => C:\Users\DOMA
Guest (S-1-5-21-58790212-2234761543-3166528618-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AIDA64 Engineer v4.30 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 4.30 - FinalWire Ltd.)
Aktualizace NVIDIA 2.11.4.125 (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.307 - ArcSoft)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Assassins Creed III version 5.1 (HKLM-x32\...\{B810D852-DFD6-ACIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Název společnosti:) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
DRIVERfighter (x32 Version: 1.1.160 - SPAMfighter ApS) Hidden
EXFO FastReporter 2 (64 Bit) (HKLM\...\{06949587-E622-4C72-962A-562FE0F06D2A}) (Version: 2.12.0.1747 - EXFO Inc.)
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GIANTS Editor 5.0.3 64-bit (HKLM-x32\...\giants_editor_5.0.3_win64_is1) (Version: 5.0.3 - GIANTS Software GmbH)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 51.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 51.0.1 (x64 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
nanoCAD 5.0 (HKLM-x32\...\{6D4250F7-DB33-4530-A9BD-A9D66BA34586}) (Version: 5.0.2520.2000 - Nanosoft)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOT ONLY TV (HKLM-x32\...\{213E2CCF-8265-444F-A6CA-40BD946A8D4A}) (Version: 1.00.0000 - Geniatech)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version: - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - PhotoScape)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{450EE212-9867-4585-A7E5-02BFAED9D462}) (Version: 13.0.12.1494 - SAP)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - SumatraPDF)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 - Ghisler Software GmbH)
TotalMedia Setup (HKLM-x32\...\{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}) (Version: 1.00.0000 - Conexant)
Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== ATTENTION
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1610.2.7 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10243DB0-C927-47C1-B8ED-FD17A43A4092} - System32\Tasks\msl5nfjj => C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe <==== ATTENTION
Task: {103D5C82-F1C8-405A-8F78-5F04DB0E8807} - System32\Tasks\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\setup.exe" -d "F:\HRY\Crysis\crysis cele cd"
Task: {10E98434-FCB4-4778-8AFA-A259107564E8} - System32\Tasks\r00y2roa => C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe <==== ATTENTION
Task: {1D2C3EFE-FF28-4C22-877D-1A5E8B472C5F} - System32\Tasks\{7AE1647C-5BD6-40DE-B69E-4D8B2FFCF68F} => pcalua.exe -a D:\monsetup.exe -d D:\
Task: {2FEF0078-9997-4CEC-9FF9-1771CE7CDE62} - System32\Tasks\om12lg5g => C:\Program Files\Common Files\g21yf11m\3de07e0wy0zed.exe <==== ATTENTION
Task: {36D5D93F-B00A-403B-8D6A-B6E0F3E711F0} - System32\Tasks\qd05qzsy => C:\Program Files\Common Files\rzrjc5sh\53c10cyhjaxsz.exe <==== ATTENTION
Task: {49A6D459-304D-4070-BEEB-1E9D8F09DFE2} - System32\Tasks\{A2948D34-1791-4987-8884-DB549DB0A8F9} => pcalua.exe -a C:\Users\DOMA\Downloads\ChromeSetup.exe -d c:\Users\DOMA\Downloads
Task: {4BD90F4E-F660-4155-917F-80BF412AFA3C} - System32\Tasks\dhnwoesl => C:\Program Files\Common Files\rhhpclnq\a5d53isuvridv.exe <==== ATTENTION
Task: {59A892ED-0B31-47C0-BC0E-B9A6FE2B9084} - System32\Tasks\tiu3kfw1 => C:\Program Files\Common Files\mcb041bp\4994e0cx0sp3k.exe <==== ATTENTION
Task: {651EE160-7FF6-4A0C-9DAB-1326E02CD5BA} - System32\Tasks\abxn15ua => C:\Program Files\Common Files\10jyf5qy\a50ebwmaw5kwk.exe <==== ATTENTION
Task: {68274573-19FE-4609-A803-0C6B177AFDC7} - System32\Tasks\rmhjipz0 => C:\Program Files\Common Files\sbfa0qq4\80a25ncyitykk.exe <==== ATTENTION
Task: {6AA84F91-E58B-407A-855B-D18B8819A7EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {7B0F8DA2-5ED3-4DD8-9E03-B463A353091D} - System32\Tasks\{D1D761C6-8385-4AB1-BF68-8EFF4D854A5F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\AutoRunCD.exe" -d "F:\HRY\Crysis\crysis cele cd"
Task: {868A0AFE-80C9-4BE4-83B3-FE1E4AF4E2D8} - System32\Tasks\2foxr4mn => C:\Program Files\Common Files\y01qrndf\6a581cfhowvcy.exe <==== ATTENTION
Task: {A6D4C22D-6CD5-42ED-AD4F-868E87CC409E} - System32\Tasks\mkcp0ved => C:\Program Files\Common Files\ydw2ozcb\c8c6bcjla5zoy.exe <==== ATTENTION
Task: {AA36994D-1ACB-42FF-917C-35FFEF04D22A} - System32\Tasks\zhnnhnyg => C:\Program Files\Common Files\ockpd0hx\6883fa3d4fieh.exe <==== ATTENTION
Task: {BECD0C8F-8382-4EB5-8CDA-319B42A997A8} - System32\Tasks\zw1ycnv1 => C:\Program Files\Common Files\kfbm5m0m\9b2a1otfuqqnx.exe <==== ATTENTION
Task: {C2278BAF-3495-4440-A1EC-47A9D081EF48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {C71C3586-61A5-4BE2-B30D-6766419EFFF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20] (Google Inc.)
Task: {D9401B70-73AE-482F-859B-325C0F3ABF70} - System32\Tasks\oxv1syn1 => C:\Program Files\Common Files\lpuvjabs\0597byvyygyxj.exe <==== ATTENTION
Task: {EBD990B5-1519-4727-B3FE-B7BF93C27F8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F5B4BE66-6B08-4AC2-8237-EA01252688F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\DOMA\Desktop\firefox – zástupce.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2014-04-22 14:04 - 2016-11-14 12:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-11-25 07:16 - 2016-11-25 07:16 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-20 09:10 - 2016-11-14 13:30 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-09 14:02 - 2016-10-09 14:02 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-06 08:11 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-08 03:52 - 2017-02-08 03:52 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-22 19:32 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2014-04-22 19:31 - 2007-04-19 08:39 - 00436992 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\fpxlib.dll
2014-04-22 19:31 - 2007-04-19 08:29 - 00273216 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\magengin.dll
2014-04-22 19:31 - 2007-04-19 08:29 - 00187136 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\kgl.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-02-23 13:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{986E42F8-0DCC-4C21-9EA2-4AF5F868A22E}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{5E0C5700-A21B-4D92-B1C3-C58D76B16E0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D753D0F5-5788-41F9-818B-9C543C9BEB43}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3CCACBAD-94B7-4687-B9A2-91E989FC2698}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{02D5C63E-EAC2-4070-9030-C7DBC6FD5B4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8B6F2DA3-0E8B-4F8C-B861-5615AF5719BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8796D2D7-FA0B-4025-859A-15A0CB593714}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A24F502E-286B-480E-A56D-8D4DA04B3E7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{429DFE64-C847-4F93-9190-C908AC26FFAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{10B16006-959F-437A-8B65-BEEC2D939D80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F5DFC530-3D07-4F0C-8572-5C5B6E7376A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4FB7C90B-BEB4-4DBA-88AD-270BF149124D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{9DB5A591-3657-4E04-BDFE-35314B4B4EA4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{280AE985-4B49-4555-ABC7-9E5096CBB61D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{180D482D-1E10-4043-9B29-226503180B9F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{41989347-7A83-4E18-A3C5-31143D33B0E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F9B0ED26-B26E-4389-A79E-2C2F7F240ECD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E02074CC-0AEE-475B-8206-379AB687AD31}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{8979B06C-96F4-43ED-98B0-24D32089227B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{768B527E-1FF6-4B99-8E07-FE751287256E}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{3C58F50C-6ECA-4E6E-889D-5EC0DF15FB04}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{93B8802B-ADF5-49C5-85B6-4AD12BA10099}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{5991A7FA-0B75-42CE-B36C-B5963C44AC12}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [{6A1AB645-6FE1-4121-B671-906CBB9769F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C4175045-2B20-497C-B1EF-E26426A024E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F727BF5E-550E-4FB8-B360-2403725974A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1520BDA0-4209-4B79-A54E-D81BE1602902}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8AA5A525-210F-4ACC-8888-3B87F716CEBE}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{23569C2F-BC4C-45A9-93ED-F88CD9CA9702}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1E0EFA09-A367-4514-A30D-B1879E10BEC7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F5E2451-C8DB-4785-82C2-CB8A3ED7939F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E1D51801-60CF-4D0B-A8CD-464BC7CB2920}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3A0EAF2B-DC9C-4D49-BD45-2F5BEDF3CC0E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E700B23D-5214-4B63-A2B2-E55A7822C8F2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D442EB9F-8C21-4215-B6A0-19329C8E300A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{08FFF55B-6C7F-417E-BC7E-02C16FDDEE64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{987EC8E3-660D-4547-9B49-5D1C1217B28B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FB66F217-B802-4443-946D-B855D9CD43A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D33FC8C6-EC02-4AD7-902B-A3074A887248}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC25B0E5-B6AB-4DC2-BF0B-1993E46A347D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1EDB1E46-4CEB-4739-ADF6-B701371BAA57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FDDEDD80-8D46-41AE-BBF7-A5F2FAE88A77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{16467020-2FA0-496B-8DBA-8F5494B94CA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2017 12:49:28 ComboFix created restore point
23-02-2017 17:39:51 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2017 11:17:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.17.0.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de8

Start time: 01d28f441cd69ee7

Termination time: 220

Application path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report ID:

Error: (02/20/2017 01:10:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {88f89f43-7d70-427e-93cd-1af7bc5d7afd}

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index was not initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application was not initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The indexing object was not initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> was not initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (02/18/2017 08:11:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> was not initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:39 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service did not load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/18/2017 08:11:39 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service was stopped because there was a problem with the indexing engine: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:39 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected that the index {id=4700} contains corrupted data files. The service will attempt to fix this problem automatically by building a new index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/27/2017 07:36:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/27/2017 07:34:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:01:58 on 26.2.2017 was unexpected.

Error: (02/26/2017 09:00:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 06:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 06:57:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:56:12 on 25.2.2017 was unexpected.

Error: (02/25/2017 09:50:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 09:47:47 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (02/25/2017 09:47:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2017 09:47:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/25/2017 09:47:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-02-23 12:51:41.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.394
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-14 12:20:55.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-14 12:20:55.401
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 4095.12 MB
Available physical RAM: 3019.82 MB
Total Virtual: 8188.42 MB
Available Virtual: 6604.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:8.79 GB) NTFS
Drive e: (Data) (Fixed) (Total:368.1 GB) (Free:148.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 24C224C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Vir qtipr.com

#12 Post by altrok »

:arrow: Uninstall the old and vulnerable version of Java. If you need Java, install the new one from java.com/verify - watch out for adware during the installation. Afterwards make sure the older versions are uninstalled. From a security standpoint (vulnerabilities and exploits) it is better not to have it at all. The current version is 8U121. Java versions installed on your PC:

  • Java 8 Update 91



:arrow: After running the fixlist (see below), turn on the firewall and install an antivirus - https://forum.viry.cz/viewtopic.php?f=1 ... &start=210


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    Folder: C:\Program Files\Common Files\lpuvjabs
    File: C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe
    File: C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
    HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [568904 2016-10-27] (ZONER software)
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-58790212-2234761543-3166528618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Extension: (Seznam lištička) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-23]
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-02-10 10:08 - 2017-02-21 10:34 - 00000000 ____D C:\Program Files\trend micro
    2017-02-10 10:08 - 2017-02-11 20:07 - 00000000 ____D C:\rsit
    2017-02-06 20:38 - 2017-02-06 20:38 - 00604928 _____ (Reimage) C:\Users\DOMA\Downloads\Nepotvrzeno 338031.crdownload
    2017-02-06 09:42 - 2017-02-06 09:42 - 00000000 ____D C:\Program Files\Common Files\i45pc5hk
    2017-02-06 08:42 - 2017-02-07 09:35 - 00000000 ____D C:\Program Files\Common Files\mcb041bp
    2017-02-06 08:42 - 2017-02-06 08:42 - 00003388 _____ C:\Windows\System32\Tasks\tiu3kfw1
    Folder: C:\Users\DOMA\AppData\Roaming\Obsidium
    2017-02-05 20:56 - 2017-02-05 20:56 - 00003388 _____ C:\Windows\System32\Tasks\rmhjipz0
    2017-02-05 20:56 - 2017-02-05 20:56 - 00000000 ____D C:\Program Files\Common Files\sbfa0qq4
    2017-02-05 19:56 - 2017-02-05 19:56 - 00003388 _____ C:\Windows\System32\Tasks\mkcp0ved
    2017-02-05 19:56 - 2017-02-05 19:56 - 00000000 ____D C:\Program Files\Common Files\ydw2ozcb
    2017-02-05 18:56 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\10jyf5qy
    2017-02-05 18:56 - 2017-02-05 18:56 - 00003388 _____ C:\Windows\System32\Tasks\abxn15ua
    2017-02-05 14:44 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\kfbm5m0m
    2017-02-05 14:44 - 2017-02-05 14:44 - 00003388 _____ C:\Windows\System32\Tasks\zw1ycnv1
    2017-02-04 22:32 - 2017-02-07 09:26 - 00000000 ____D C:\Program Files\Common Files\ockpd0hx
    2017-02-04 22:32 - 2017-02-04 22:32 - 00003388 _____ C:\Windows\System32\Tasks\zhnnhnyg
    2017-02-04 21:32 - 2017-02-04 21:32 - 00003388 _____ C:\Windows\System32\Tasks\om12lg5g
    2017-02-04 21:32 - 2017-02-04 21:32 - 00000000 ____D C:\Program Files\Common Files\g21yf11m
    2017-02-04 20:32 - 2017-02-04 20:32 - 00003388 _____ C:\Windows\System32\Tasks\dhnwoesl
    2017-02-04 20:32 - 2017-02-04 20:32 - 00000000 ____D C:\Program Files\Common Files\rhhpclnq
    2017-02-04 19:32 - 2017-02-06 19:34 - 00000000 ____D C:\Program Files\Common Files\0xjxryrl
    2017-02-04 19:32 - 2017-02-04 19:32 - 00003388 _____ C:\Windows\System32\Tasks\msl5nfjj
    2017-02-04 18:33 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\lpuvjabs
    2017-02-04 18:33 - 2017-02-04 18:33 - 00003388 _____ C:\Windows\System32\Tasks\oxv1syn1
    2017-02-04 17:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\y01qrndf
    2017-02-04 17:32 - 2017-02-04 17:32 - 00003388 _____ C:\Windows\System32\Tasks\2foxr4mn
    2017-02-04 16:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\rzrjc5sh
    2017-02-04 16:32 - 2017-02-04 16:32 - 00003388 _____ C:\Windows\System32\Tasks\qd05qzsy
    Folder: C:\ProgramData\GridinSoft
    2017-02-04 15:31 - 2017-02-04 15:31 - 00041472 _____ C:\Users\DOMA\AppData\Local\Subelectrics.dat
    2017-02-04 15:30 - 2017-02-04 15:30 - 01907391 _____ C:\Users\DOMA\AppData\Roaming\Yearlam.tst
    2017-02-04 15:26 - 2017-02-04 15:26 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-04 15:25 - 2017-02-04 15:27 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\UCChannel
    2017-02-04 15:25 - 2017-02-04 15:25 - 00000000 ____D C:\Program Files (x86)\Maoha
    2017-02-04 15:34 - 2017-02-04 15:34 - 00000000 ____D C:\Users\DOMA\AppData\Local\AdvinstAnalytics
    2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    Folder: C:\Users\DOMA\AppData\Local\CrashDumps
    File: C:\Users\DOMA\AppData\Roaming\Yearlam.tst
    2017-02-04 15:30 - 2017-02-04 15:30 - 1907391 _____ () C:\Users\DOMA\AppData\Roaming\Yearlam.tst
    
    Task: {10243DB0-C927-47C1-B8ED-FD17A43A4092} - System32\Tasks\msl5nfjj => C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe <==== ATTENTION
    C:\Program Files\Common Files\0xjxryrl
    Task: {103D5C82-F1C8-405A-8F78-5F04DB0E8807} - System32\Tasks\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\setup.exe" -d "F:\HRY\Crysis\crysis cele cd"
    Task: {10E98434-FCB4-4778-8AFA-A259107564E8} - System32\Tasks\r00y2roa => C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe <==== ATTENTION
    C:\Program Files\Common Files\i45pc5hk
    Task: {1D2C3EFE-FF28-4C22-877D-1A5E8B472C5F} - System32\Tasks\{7AE1647C-5BD6-40DE-B69E-4D8B2FFCF68F} => pcalua.exe -a D:\monsetup.exe -d D:\
    Task: {2FEF0078-9997-4CEC-9FF9-1771CE7CDE62} - System32\Tasks\om12lg5g => C:\Program Files\Common Files\g21yf11m\3de07e0wy0zed.exe <==== ATTENTION
    Task: {36D5D93F-B00A-403B-8D6A-B6E0F3E711F0} - System32\Tasks\qd05qzsy => C:\Program Files\Common Files\rzrjc5sh\53c10cyhjaxsz.exe <==== ATTENTION
    C:\Program Files\Common Files\g21yf11m
    C:\Program Files\Common Files\rzrjc5sh
    Task: {49A6D459-304D-4070-BEEB-1E9D8F09DFE2} - System32\Tasks\{A2948D34-1791-4987-8884-DB549DB0A8F9} => pcalua.exe -a C:\Users\DOMA\Downloads\ChromeSetup.exe -d c:\Users\DOMA\Downloads
    Task: {4BD90F4E-F660-4155-917F-80BF412AFA3C} - System32\Tasks\dhnwoesl => C:\Program Files\Common Files\rhhpclnq\a5d53isuvridv.exe <==== ATTENTION
    Task: {59A892ED-0B31-47C0-BC0E-B9A6FE2B9084} - System32\Tasks\tiu3kfw1 => C:\Program Files\Common Files\mcb041bp\4994e0cx0sp3k.exe <==== ATTENTION
    Task: {651EE160-7FF6-4A0C-9DAB-1326E02CD5BA} - System32\Tasks\abxn15ua => C:\Program Files\Common Files\10jyf5qy\a50ebwmaw5kwk.exe <==== ATTENTION
    Task: {68274573-19FE-4609-A803-0C6B177AFDC7} - System32\Tasks\rmhjipz0 => C:\Program Files\Common Files\sbfa0qq4\80a25ncyitykk.exe <==== ATTENTION
    C:\Program Files\Common Files\rhhpclnq
    C:\Program Files\Common Files\mcb041bp
    C:\Program Files\Common Files\10jyf5qy
    C:\Program Files\Common Files\sbfa0qq4
    Task: {7B0F8DA2-5ED3-4DD8-9E03-B463A353091D} - System32\Tasks\{D1D761C6-8385-4AB1-BF68-8EFF4D854A5F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\AutoRunCD.exe" -d "F:\HRY\Crysis\crysis cele cd"
    Task: {868A0AFE-80C9-4BE4-83B3-FE1E4AF4E2D8} - System32\Tasks\2foxr4mn => C:\Program Files\Common Files\y01qrndf\6a581cfhowvcy.exe <==== ATTENTION
    Task: {A6D4C22D-6CD5-42ED-AD4F-868E87CC409E} - System32\Tasks\mkcp0ved => C:\Program Files\Common Files\ydw2ozcb\c8c6bcjla5zoy.exe <==== ATTENTION
    Task: {AA36994D-1ACB-42FF-917C-35FFEF04D22A} - System32\Tasks\zhnnhnyg => C:\Program Files\Common Files\ockpd0hx\6883fa3d4fieh.exe <==== ATTENTION
    Task: {BECD0C8F-8382-4EB5-8CDA-319B42A997A8} - System32\Tasks\zw1ycnv1 => C:\Program Files\Common Files\kfbm5m0m\9b2a1otfuqqnx.exe <==== ATTENTION
    C:\Program Files\Common Files\y01qrndf
    C:\Program Files\Common Files\ydw2ozcb
    C:\Program Files\Common Files\ockpd0hx
    C:\Program Files\Common Files\kfbm5m0m
    Task: {D9401B70-73AE-482F-859B-325C0F3ABF70} - System32\Tasks\oxv1syn1 => C:\Program Files\Common Files\lpuvjabs\0597byvyygyxj.exe <==== ATTENTION
    C:\Program Files\Common Files\lpuvjabs
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    ShortcutWithArgument: C:\Users\DOMA\Desktop\firefox – zástupce.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
    CMD: dir "C:\Program Files\Common Files"
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.
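To make the moderator's fixlist concrete: the indicators it removes (randomly named System32\Tasks entries launching random-named executables under Common Files, .lnk files whose names mix Latin and Cyrillic letters and point to .bat launchers, and browser shortcuts rewritten to side-load an extension or open hxxp://qtipr.com/) can be picked out of an FRST log mechanically. The script below is an added example, not part of this thread and not FRST code; the log lines it parses are constructed to mirror the entries in the post above (plus benign shapes that must not be flagged), the GUID on the Google Update line is made up, and the "random token" rule is a heuristic tuned to this family rather than a general classifier.

```python
"""Triage of FRST-style log lines for the persistence pattern seen in this
thread. Added example, not part of the forum post and not FRST code."""
from __future__ import annotations

import re
import unicodedata
from dataclasses import dataclass

# Constructed sample log. Lines 1, 4, 6 and 7 mirror entries from the fixlist
# above; the others are benign shapes (a pcalua.exe compatibility task, a
# Google Update task with a made-up GUID, a plain Skype shortcut, a Chrome
# profile shortcut) that a useful triage must NOT flag.
SAMPLE_LOG = "\n".join([
    r"Task: {10243DB0-C927-47C1-B8ED-FD17A43A4092} - System32\Tasks\msl5nfjj => C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe <==== ATTENTION",
    r'Task: {103D5C82-F1C8-405A-8F78-5F04DB0E8807} - System32\Tasks\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => pcalua.exe -a "F:\HRY\Crysis\setup.exe" -d "F:\HRY\Crysis"',
    r"Task: {2B1D0A6F-0000-4000-8000-000000000001} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler",
    # Cyrillic U+043E stands in for Latin 'o'; written as escapes so the homoglyph survives copy/paste.
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\G\u043eogle Chr\u043eme.lnk -> C:\\Users\\DOMA\\AppData\\Roaming\\Browsers\\exe.emorhc.bat (No File) <===== Cyrillic",
    r"Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe ()",
    r'ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/',
    r"ShortcutWithArgument: C:\Users\DOMA\Desktop\firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/",
    r"ShortcutWithArgument: C:\Users\Public\Desktop\Chrome Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default",
])

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>\S+) => (?P<cmd>.*?)(?: <==== ATTENTION)?$")
LNK_RE = re.compile(r"^(?:Shortcut|ShortcutWithArgument): (?P<lnk>.+?\.lnk) -> (?P<rest>.*)$")
# Lazy match up to the first recognised extension, so "Program Files (x86)" is not mistaken for an annotation.
TARGET_RE = re.compile(r"(?P<target>.+?\.(?:exe|bat|cmd|vbs|js|ps1))\b", re.IGNORECASE)
COMMON_FILES_RE = re.compile(r"\\Common Files\\(?P<dir>[^\\]+)\\(?P<exe>[^\\\s]+)\.exe", re.IGNORECASE)
RANDOM_TOKEN = re.compile(r"[a-z0-9]{8,16}")   # 8-char task/folder names and 13-char exe names in this family
URL_RE = re.compile(r"h(?:xx|tt)ps?://", re.IGNORECASE)  # FRST defangs http as hxxp
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")


@dataclass(frozen=True)
class Finding:
    kind: str   # rogue_task | homoglyph_lnk | script_launcher | sideloaded_extension | forced_start_url
    line: str


def looks_random(token: str) -> bool:
    """Heuristic: all-lowercase alphanumeric, 8-16 chars. Legitimate task names
    with uppercase letters, spaces or GUID braces never match."""
    return RANDOM_TOKEN.fullmatch(token) is not None


def is_rogue_task(name: str, cmd: str) -> bool:
    """Random task name AND a random folder + random exe directly under Common Files."""
    m = COMMON_FILES_RE.search(cmd)
    return looks_random(name) and m is not None and looks_random(m["dir"]) and looks_random(m["exe"])


def scripts_in(name: str) -> set[str]:
    """Unicode script family of every letter, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if m := TASK_RE.match(line):
            if is_rogue_task(m["name"], m["cmd"]):
                findings.append(Finding("rogue_task", line))
            continue
        if m := LNK_RE.match(line):
            basename = m["lnk"].rsplit("\\", 1)[-1]
            if len(scripts_in(basename) - {"UNKNOWN"}) > 1:      # mixed-script (homoglyph) file name
                findings.append(Finding("homoglyph_lnk", line))
            target, _, args = m["rest"].partition(" -> ")       # args only on ShortcutWithArgument lines
            t = TARGET_RE.match(target)
            if t and t["target"].lower().endswith(SCRIPT_EXT):  # browser shortcut resolving to a script
                findings.append(Finding("script_launcher", line))
            if "--load-extension" in args:
                findings.append(Finding("sideloaded_extension", line))
            if URL_RE.search(args):
                findings.append(Finding("forced_start_url", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```

The mixed-script check is the part worth keeping: the fake "Gоogle Chrоme.lnk" above is visually identical to the real shortcut, and FRST only marks it because it looks at the code points, not the glyphs. Run over the real Addition.txt instead of SAMPLE_LOG, the same checks reproduce every Task and Shortcut entry the moderator put in the fixlist while leaving the pcalua.exe and vendor entries alone.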

Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Re: Vir qtipr.com

#13 Post by Jenda939 »

Hello, I am attaching the fixlog. Thank you for the help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by DOMA (01-03-2017 12:50:57) Run:1
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\Common Files\lpuvjabs
File: C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe
File: C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [568904 2016-10-27] (ZONER software)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Seznam lištička) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-23]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-02-10 10:08 - 2017-02-21 10:34 - 00000000 ____D C:\Program Files\trend micro
2017-02-10 10:08 - 2017-02-11 20:07 - 00000000 ____D C:\rsit
2017-02-06 20:38 - 2017-02-06 20:38 - 00604928 _____ (Reimage) C:\Users\DOMA\Downloads\Nepotvrzeno 338031.crdownload
2017-02-06 09:42 - 2017-02-06 09:42 - 00000000 ____D C:\Program Files\Common Files\i45pc5hk
2017-02-06 08:42 - 2017-02-07 09:35 - 00000000 ____D C:\Program Files\Common Files\mcb041bp
2017-02-06 08:42 - 2017-02-06 08:42 - 00003388 _____ C:\Windows\System32\Tasks\tiu3kfw1
Folder: C:\Users\DOMA\AppData\Roaming\Obsidium
2017-02-05 20:56 - 2017-02-05 20:56 - 00003388 _____ C:\Windows\System32\Tasks\rmhjipz0
2017-02-05 20:56 - 2017-02-05 20:56 - 00000000 ____D C:\Program Files\Common Files\sbfa0qq4
2017-02-05 19:56 - 2017-02-05 19:56 - 00003388 _____ C:\Windows\System32\Tasks\mkcp0ved
2017-02-05 19:56 - 2017-02-05 19:56 - 00000000 ____D C:\Program Files\Common Files\ydw2ozcb
2017-02-05 18:56 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\10jyf5qy
2017-02-05 18:56 - 2017-02-05 18:56 - 00003388 _____ C:\Windows\System32\Tasks\abxn15ua
2017-02-05 14:44 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\kfbm5m0m
2017-02-05 14:44 - 2017-02-05 14:44 - 00003388 _____ C:\Windows\System32\Tasks\zw1ycnv1
2017-02-04 22:32 - 2017-02-07 09:26 - 00000000 ____D C:\Program Files\Common Files\ockpd0hx
2017-02-04 22:32 - 2017-02-04 22:32 - 00003388 _____ C:\Windows\System32\Tasks\zhnnhnyg
2017-02-04 21:32 - 2017-02-04 21:32 - 00003388 _____ C:\Windows\System32\Tasks\om12lg5g
2017-02-04 21:32 - 2017-02-04 21:32 - 00000000 ____D C:\Program Files\Common Files\g21yf11m
2017-02-04 20:32 - 2017-02-04 20:32 - 00003388 _____ C:\Windows\System32\Tasks\dhnwoesl
2017-02-04 20:32 - 2017-02-04 20:32 - 00000000 ____D C:\Program Files\Common Files\rhhpclnq
2017-02-04 19:32 - 2017-02-06 19:34 - 00000000 ____D C:\Program Files\Common Files\0xjxryrl
2017-02-04 19:32 - 2017-02-04 19:32 - 00003388 _____ C:\Windows\System32\Tasks\msl5nfjj
2017-02-04 18:33 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\lpuvjabs
2017-02-04 18:33 - 2017-02-04 18:33 - 00003388 _____ C:\Windows\System32\Tasks\oxv1syn1
2017-02-04 17:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\y01qrndf
2017-02-04 17:32 - 2017-02-04 17:32 - 00003388 _____ C:\Windows\System32\Tasks\2foxr4mn
2017-02-04 16:32 - 2017-02-06 19:37 - 00000000 ____D C:\Program Files\Common Files\rzrjc5sh
2017-02-04 16:32 - 2017-02-04 16:32 - 00003388 _____ C:\Windows\System32\Tasks\qd05qzsy
Folder: C:\ProgramData\GridinSoft
2017-02-04 15:31 - 2017-02-04 15:31 - 00041472 _____ C:\Users\DOMA\AppData\Local\Subelectrics.dat
2017-02-04 15:30 - 2017-02-04 15:30 - 01907391 _____ C:\Users\DOMA\AppData\Roaming\Yearlam.tst
2017-02-04 15:26 - 2017-02-04 15:26 - 00000000 ____D C:\Program Files\żěŃą
2017-02-04 15:25 - 2017-02-04 15:27 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\UCChannel
2017-02-04 15:25 - 2017-02-04 15:25 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-02-04 15:34 - 2017-02-04 15:34 - 00000000 ____D C:\Users\DOMA\AppData\Local\AdvinstAnalytics
2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-04 15:22 - 2017-02-04 15:23 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
Folder: C:\Users\DOMA\AppData\Local\CrashDumps
File: C:\Users\DOMA\AppData\Roaming\Yearlam.tst
2017-02-04 15:30 - 2017-02-04 15:30 - 1907391 _____ () C:\Users\DOMA\AppData\Roaming\Yearlam.tst

Task: {10243DB0-C927-47C1-B8ED-FD17A43A4092} - System32\Tasks\msl5nfjj => C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe <==== ATTENTION
C:\Program Files\Common Files\0xjxryrl
Task: {103D5C82-F1C8-405A-8F78-5F04DB0E8807} - System32\Tasks\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\setup.exe" -d "F:\HRY\Crysis\crysis cele cd"
Task: {10E98434-FCB4-4778-8AFA-A259107564E8} - System32\Tasks\r00y2roa => C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe <==== ATTENTION
C:\Program Files\Common Files\i45pc5hk
Task: {1D2C3EFE-FF28-4C22-877D-1A5E8B472C5F} - System32\Tasks\{7AE1647C-5BD6-40DE-B69E-4D8B2FFCF68F} => pcalua.exe -a D:\monsetup.exe -d D:\
Task: {2FEF0078-9997-4CEC-9FF9-1771CE7CDE62} - System32\Tasks\om12lg5g => C:\Program Files\Common Files\g21yf11m\3de07e0wy0zed.exe <==== ATTENTION
Task: {36D5D93F-B00A-403B-8D6A-B6E0F3E711F0} - System32\Tasks\qd05qzsy => C:\Program Files\Common Files\rzrjc5sh\53c10cyhjaxsz.exe <==== ATTENTION
C:\Program Files\Common Files\g21yf11m
C:\Program Files\Common Files\rzrjc5sh
Task: {49A6D459-304D-4070-BEEB-1E9D8F09DFE2} - System32\Tasks\{A2948D34-1791-4987-8884-DB549DB0A8F9} => pcalua.exe -a C:\Users\DOMA\Downloads\ChromeSetup.exe -d c:\Users\DOMA\Downloads
Task: {4BD90F4E-F660-4155-917F-80BF412AFA3C} - System32\Tasks\dhnwoesl => C:\Program Files\Common Files\rhhpclnq\a5d53isuvridv.exe <==== ATTENTION
Task: {59A892ED-0B31-47C0-BC0E-B9A6FE2B9084} - System32\Tasks\tiu3kfw1 => C:\Program Files\Common Files\mcb041bp\4994e0cx0sp3k.exe <==== ATTENTION
Task: {651EE160-7FF6-4A0C-9DAB-1326E02CD5BA} - System32\Tasks\abxn15ua => C:\Program Files\Common Files\10jyf5qy\a50ebwmaw5kwk.exe <==== ATTENTION
Task: {68274573-19FE-4609-A803-0C6B177AFDC7} - System32\Tasks\rmhjipz0 => C:\Program Files\Common Files\sbfa0qq4\80a25ncyitykk.exe <==== ATTENTION
C:\Program Files\Common Files\rhhpclnq
C:\Program Files\Common Files\mcb041bp
C:\Program Files\Common Files\10jyf5qy
C:\Program Files\Common Files\sbfa0qq4
Task: {7B0F8DA2-5ED3-4DD8-9E03-B463A353091D} - System32\Tasks\{D1D761C6-8385-4AB1-BF68-8EFF4D854A5F} => pcalua.exe -a "F:\HRY\Crysis\crysis cele cd\AutoRunCD.exe" -d "F:\HRY\Crysis\crysis cele cd"
Task: {868A0AFE-80C9-4BE4-83B3-FE1E4AF4E2D8} - System32\Tasks\2foxr4mn => C:\Program Files\Common Files\y01qrndf\6a581cfhowvcy.exe <==== ATTENTION
Task: {A6D4C22D-6CD5-42ED-AD4F-868E87CC409E} - System32\Tasks\mkcp0ved => C:\Program Files\Common Files\ydw2ozcb\c8c6bcjla5zoy.exe <==== ATTENTION
Task: {AA36994D-1ACB-42FF-917C-35FFEF04D22A} - System32\Tasks\zhnnhnyg => C:\Program Files\Common Files\ockpd0hx\6883fa3d4fieh.exe <==== ATTENTION
Task: {BECD0C8F-8382-4EB5-8CDA-319B42A997A8} - System32\Tasks\zw1ycnv1 => C:\Program Files\Common Files\kfbm5m0m\9b2a1otfuqqnx.exe <==== ATTENTION
C:\Program Files\Common Files\y01qrndf
C:\Program Files\Common Files\ydw2ozcb
C:\Program Files\Common Files\ockpd0hx
C:\Program Files\Common Files\kfbm5m0m
Task: {D9401B70-73AE-482F-859B-325C0F3ABF70} - System32\Tasks\oxv1syn1 => C:\Program Files\Common Files\lpuvjabs\0597byvyygyxj.exe <==== ATTENTION
C:\Program Files\Common Files\lpuvjabs
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ??pl?rer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ?x?l?rer (N? ?dd-?ns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rnet ?x?lorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?fox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle Chr?me.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozill? Fir?fo?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
ShortcutWithArgument: C:\Users\DOMA\Desktop\firefox – zástupce.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\DOMA\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
CMD: dir "C:\Program Files\Common Files"
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder: C:\Program Files\Common Files\lpuvjabs ========================

2017-02-04 18:33 - 2016-11-10 10:56 - 0000258 _____ () C:\Program Files\Common Files\lpuvjabs\0597byvyygyxj.exe.config

====== End of Folder: ======


========================= File: C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe ========================

"C:\Program Files\Common Files\i45pc5hk\7172bldjnwdjm.exe" => not found.
====== End of File: ======


========================= File: C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe ========================

"C:\Program Files\Common Files\0xjxryrl\13be6pmus35sc.exe" => not found.
====== End of File: ======

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => moved successfully
HKLM\System\CurrentControlSet\Services\andnetadb => key removed successfully
andnetadb => service removed successfully
HKLM\System\CurrentControlSet\Services\AndnetBus => key removed successfully
AndnetBus => service removed successfully
HKLM\System\CurrentControlSet\Services\AndNetDiag => key removed successfully
AndNetDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\ANDNetModem => key removed successfully
ANDNetModem => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\usbbus => key removed successfully
usbbus => service removed successfully
HKLM\System\CurrentControlSet\Services\UsbDiag => key removed successfully
UsbDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\USBModem => key removed successfully
USBModem => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\Users\DOMA\Downloads\Nepotvrzeno 338031.crdownload => moved successfully
C:\Program Files\Common Files\i45pc5hk => moved successfully
C:\Program Files\Common Files\mcb041bp => moved successfully
C:\Windows\System32\Tasks\tiu3kfw1 => moved successfully

========================= Folder: C:\Users\DOMA\AppData\Roaming\Obsidium ========================

2017-02-06 08:21 - 2017-02-06 10:07 - 0000000 ___HD () C:\Users\DOMA\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}

====== End of Folder: ======

C:\Windows\System32\Tasks\rmhjipz0 => moved successfully
C:\Program Files\Common Files\sbfa0qq4 => moved successfully
C:\Windows\System32\Tasks\mkcp0ved => moved successfully
C:\Program Files\Common Files\ydw2ozcb => moved successfully
C:\Program Files\Common Files\10jyf5qy => moved successfully
C:\Windows\System32\Tasks\abxn15ua => moved successfully
C:\Program Files\Common Files\kfbm5m0m => moved successfully
C:\Windows\System32\Tasks\zw1ycnv1 => moved successfully
C:\Program Files\Common Files\ockpd0hx => moved successfully
C:\Windows\System32\Tasks\zhnnhnyg => moved successfully
C:\Windows\System32\Tasks\om12lg5g => moved successfully
C:\Program Files\Common Files\g21yf11m => moved successfully
C:\Windows\System32\Tasks\dhnwoesl => moved successfully
C:\Program Files\Common Files\rhhpclnq => moved successfully
C:\Program Files\Common Files\0xjxryrl => moved successfully
C:\Windows\System32\Tasks\msl5nfjj => moved successfully
C:\Program Files\Common Files\lpuvjabs => moved successfully
C:\Windows\System32\Tasks\oxv1syn1 => moved successfully
C:\Program Files\Common Files\y01qrndf => moved successfully
C:\Windows\System32\Tasks\2foxr4mn => moved successfully
C:\Program Files\Common Files\rzrjc5sh => moved successfully
C:\Windows\System32\Tasks\qd05qzsy => moved successfully

========================= Folder: C:\ProgramData\GridinSoft ========================

2017-02-04 18:10 - 2017-02-04 18:11 - 0000000 ____D () C:\ProgramData\GridinSoft\Anti-Malware
2017-02-04 18:10 - 2017-02-06 10:20 - 0000000 ____D () C:\ProgramData\GridinSoft\Anti-Malware\database
2017-02-06 10:19 - 2017-02-06 10:19 - 0000141 _____ () C:\ProgramData\GridinSoft\Anti-Malware\database\vs.c
2017-02-04 18:11 - 2017-02-06 09:53 - 0000000 ____D () C:\ProgramData\GridinSoft\Anti-Malware\database\updates
2017-02-04 18:11 - 2017-02-06 08:00 - 0000000 ____D () C:\ProgramData\GridinSoft\Anti-Malware\logs
2017-02-05 17:59 - 2017-02-05 17:59 - 0045732 _____ () C:\ProgramData\GridinSoft\Anti-Malware\logs\history
2017-02-05 14:03 - 2017-02-05 14:03 - 1466507 _____ () C:\ProgramData\GridinSoft\Anti-Malware\logs\scan-2017-02-05 [14-03-48].log
2017-02-05 17:59 - 2017-02-05 17:59 - 0025416 _____ () C:\ProgramData\GridinSoft\Anti-Malware\logs\scan-2017-02-05 [17-59-00].log
2017-02-06 08:00 - 2017-02-06 08:00 - 1470898 _____ () C:\ProgramData\GridinSoft\Anti-Malware\logs\scan-2017-02-06 [08-00-51].log
2017-02-04 18:11 - 2017-02-04 18:11 - 0000000 ____D () C:\ProgramData\GridinSoft\Anti-Malware\storage

====== End of Folder: ======

C:\Users\DOMA\AppData\Local\Subelectrics.dat => moved successfully
C:\Users\DOMA\AppData\Roaming\Yearlam.tst => moved successfully
C:\Program Files\żěŃą => moved successfully
C:\Users\DOMA\AppData\Roaming\UCChannel => moved successfully
C:\Program Files (x86)\Maoha => moved successfully
C:\Users\DOMA\AppData\Local\AdvinstAnalytics => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.

========================= Folder: C:\Users\DOMA\AppData\Local\CrashDumps ========================


====== End of Folder: ======


========================= File: C:\Users\DOMA\AppData\Roaming\Yearlam.tst ========================

"C:\Users\DOMA\AppData\Roaming\Yearlam.tst" => not found.
====== End of File: ======

"C:\Users\DOMA\AppData\Roaming\Yearlam.tst" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10243DB0-C927-47C1-B8ED-FD17A43A4092} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10243DB0-C927-47C1-B8ED-FD17A43A4092} => key removed successfully
C:\Windows\System32\Tasks\msl5nfjj => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\msl5nfjj => key removed successfully
"C:\Program Files\Common Files\0xjxryrl" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{103D5C82-F1C8-405A-8F78-5F04DB0E8807} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{103D5C82-F1C8-405A-8F78-5F04DB0E8807} => key removed successfully
C:\Windows\System32\Tasks\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{427F3582-5E97-42DF-B7CA-198B0C06BB9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10E98434-FCB4-4778-8AFA-A259107564E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10E98434-FCB4-4778-8AFA-A259107564E8} => key removed successfully
C:\Windows\System32\Tasks\r00y2roa => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\r00y2roa => key removed successfully
"C:\Program Files\Common Files\i45pc5hk" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D2C3EFE-FF28-4C22-877D-1A5E8B472C5F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2C3EFE-FF28-4C22-877D-1A5E8B472C5F} => key removed successfully
C:\Windows\System32\Tasks\{7AE1647C-5BD6-40DE-B69E-4D8B2FFCF68F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AE1647C-5BD6-40DE-B69E-4D8B2FFCF68F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FEF0078-9997-4CEC-9FF9-1771CE7CDE62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FEF0078-9997-4CEC-9FF9-1771CE7CDE62} => key removed successfully
C:\Windows\System32\Tasks\om12lg5g => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\om12lg5g => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36D5D93F-B00A-403B-8D6A-B6E0F3E711F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36D5D93F-B00A-403B-8D6A-B6E0F3E711F0} => key removed successfully
C:\Windows\System32\Tasks\qd05qzsy => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qd05qzsy => key removed successfully
"C:\Program Files\Common Files\g21yf11m" => not found.
"C:\Program Files\Common Files\rzrjc5sh" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49A6D459-304D-4070-BEEB-1E9D8F09DFE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49A6D459-304D-4070-BEEB-1E9D8F09DFE2} => key removed successfully
C:\Windows\System32\Tasks\{A2948D34-1791-4987-8884-DB549DB0A8F9} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A2948D34-1791-4987-8884-DB549DB0A8F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BD90F4E-F660-4155-917F-80BF412AFA3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD90F4E-F660-4155-917F-80BF412AFA3C} => key removed successfully
C:\Windows\System32\Tasks\dhnwoesl => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dhnwoesl => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59A892ED-0B31-47C0-BC0E-B9A6FE2B9084} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59A892ED-0B31-47C0-BC0E-B9A6FE2B9084} => key removed successfully
C:\Windows\System32\Tasks\tiu3kfw1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tiu3kfw1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{651EE160-7FF6-4A0C-9DAB-1326E02CD5BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{651EE160-7FF6-4A0C-9DAB-1326E02CD5BA} => key removed successfully
C:\Windows\System32\Tasks\abxn15ua => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\abxn15ua => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68274573-19FE-4609-A803-0C6B177AFDC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68274573-19FE-4609-A803-0C6B177AFDC7} => key removed successfully
C:\Windows\System32\Tasks\rmhjipz0 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rmhjipz0 => key removed successfully
"C:\Program Files\Common Files\rhhpclnq" => not found.
"C:\Program Files\Common Files\mcb041bp" => not found.
"C:\Program Files\Common Files\10jyf5qy" => not found.
"C:\Program Files\Common Files\sbfa0qq4" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B0F8DA2-5ED3-4DD8-9E03-B463A353091D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B0F8DA2-5ED3-4DD8-9E03-B463A353091D} => key removed successfully
C:\Windows\System32\Tasks\{D1D761C6-8385-4AB1-BF68-8EFF4D854A5F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D1D761C6-8385-4AB1-BF68-8EFF4D854A5F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{868A0AFE-80C9-4BE4-83B3-FE1E4AF4E2D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868A0AFE-80C9-4BE4-83B3-FE1E4AF4E2D8} => key removed successfully
C:\Windows\System32\Tasks\2foxr4mn => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2foxr4mn => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6D4C22D-6CD5-42ED-AD4F-868E87CC409E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D4C22D-6CD5-42ED-AD4F-868E87CC409E} => key removed successfully
C:\Windows\System32\Tasks\mkcp0ved => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mkcp0ved => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA36994D-1ACB-42FF-917C-35FFEF04D22A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA36994D-1ACB-42FF-917C-35FFEF04D22A} => key removed successfully
C:\Windows\System32\Tasks\zhnnhnyg => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zhnnhnyg => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BECD0C8F-8382-4EB5-8CDA-319B42A997A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BECD0C8F-8382-4EB5-8CDA-319B42A997A8} => key removed successfully
C:\Windows\System32\Tasks\zw1ycnv1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zw1ycnv1 => key removed successfully
"C:\Program Files\Common Files\y01qrndf" => not found.
"C:\Program Files\Common Files\ydw2ozcb" => not found.
"C:\Program Files\Common Files\ockpd0hx" => not found.
"C:\Program Files\Common Files\kfbm5m0m" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9401B70-73AE-482F-859B-325C0F3ABF70} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9401B70-73AE-482F-859B-325C0F3ABF70} => key removed successfully
C:\Windows\System32\Tasks\oxv1syn1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oxv1syn1 => key removed successfully
"C:\Program Files\Common Files\lpuvjabs" => not found.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
"C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ??pl?rer.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ?x?l?rer (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rnet ?x?lorer.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?fox.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle Chr?me.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozill? Fir?fo?.lnk" => Could not move.
C:\Users\DOMA\Desktop\firefox – zástupce.lnk => Shortcut argument removed successfully.
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

========= dir "C:\Program Files\Common Files" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\Program Files\Common Files

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
07.06.2014 00:30 <DIR> Microsoft Shared
14.07.2009 04:20 <DIR> Services
14.07.2009 04:20 <DIR> SpeechEngines
03.05.2014 08:49 <DIR> System
Souborů: 0, Bajtů: 0
Adresářů: 6, Volných bajtů: 9 747 341 312

========= End of CMD: =========


========= dir "C:\PROGRA~1" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\PROGRA~1

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
07.02.2017 20:15 <DIR> BitTorrent
18.02.2017 20:05 <DIR> CCleaner
19.12.2015 02:07 <DIR> Code Industry
01.03.2017 12:51 <DIR> Common Files
03.05.2014 08:49 <DIR> DVD Maker
14.12.2015 19:38 <DIR> EXFO
12.10.2015 10:00 <DIR> GIANTS Software
15.12.2016 08:36 <DIR> Internet Explorer
06.02.2017 08:11 <DIR> Malwarebytes
20.04.2016 10:19 <DIR> MATLAB
14.07.2009 16:37 <DIR> Microsoft Games
28.04.2014 08:01 <DIR> Microsoft Office
13.10.2016 06:09 <DIR> Microsoft Silverlight
19.02.2017 21:26 <DIR> Mozilla Firefox
14.07.2009 06:32 <DIR> MSBuild
20.12.2016 09:10 <DIR> NVIDIA Corporation
26.01.2015 16:06 <DIR> paint.net
19.12.2015 02:15 <DIR> PDF Editor 64bit 4
14.07.2009 06:32 <DIR> Reference Assemblies
26.12.2014 17:59 <DIR> SAMSUNG
18.02.2017 17:48 <DIR> VS Revo Group
04.05.2014 08:50 <DIR> Windows Defender
03.05.2014 08:49 <DIR> Windows Mail
13.10.2016 06:12 <DIR> Windows Media Player
18.04.2014 08:46 <DIR> Windows NT
03.05.2014 08:49 <DIR> Windows Photo Viewer
03.05.2014 08:49 <DIR> Windows Portable Devices
03.05.2014 08:49 <DIR> Windows Sidebar
06.01.2017 14:31 <DIR> Zoner
Souborů: 0, Bajtů: 0
Adresářů: 31, Volných bajtů: 9 747 337 216

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\PROGRA~2

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
10.11.2016 09:01 <DIR> Activision
23.11.2015 09:50 <DIR> Adobe
22.04.2014 19:31 <DIR> ArcSoft
04.02.2017 15:10 <DIR> Ashampoo
20.12.2016 09:46 <DIR> Assassins Creed III
07.02.2017 11:24 <DIR> Blazers
01.03.2017 12:44 <DIR> Common Files
13.10.2016 23:10 <DIR> Electronic Arts
20.12.2016 08:50 <DIR> Farming Simulator 2013
13.02.2017 10:02 <DIR> Fighters
22.04.2014 16:52 <DIR> FinalWire
16.05.2016 11:38 <DIR> GanttProject-2.6
20.02.2017 13:13 <DIR> Google
22.01.2017 20:07 <DIR> HiSuite
15.05.2014 07:52 <DIR> HP
15.12.2016 08:36 <DIR> Internet Explorer
06.02.2017 09:04 <DIR> IObit
20.12.2016 08:49 <DIR> KMPlayer
24.05.2016 19:51 <DIR> Microsoft
28.04.2014 07:46 <DIR> Microsoft FrontPage
10.08.2014 09:14 <DIR> Microsoft Office
13.10.2016 06:09 <DIR> Microsoft Silverlight
28.04.2014 07:47 <DIR> Microsoft Visual Studio
28.04.2014 08:01 <DIR> Microsoft Visual Studio 8
21.12.2015 20:25 <DIR> Microsoft Works
28.04.2014 12:56 <DIR> Microsoft.NET
12.02.2017 17:02 <DIR> MozBackup
19.02.2017 21:26 <DIR> Mozilla Maintenance Service
21.12.2015 20:25 <DIR> MSBuild
28.04.2014 08:35 <DIR> MSECache
15.09.2016 10:41 <DIR> Nanosoft
14.12.2015 19:38 <DIR> National Instruments
22.04.2014 19:28 <DIR> NOT ONLY TV
10.05.2014 16:34 <DIR> Notepad++
20.12.2016 09:10 <DIR> NVIDIA Corporation
12.02.2015 18:30 <DIR> Origin
07.02.2017 11:32 <DIR> PhotoScape
14.10.2016 10:20 <DIR> Reality Pump
22.04.2014 19:35 <DIR> Realtek
14.07.2009 06:32 <DIR> Reference Assemblies
14.12.2015 19:33 <DIR> SAP BusinessObjects
20.02.2017 13:11 <DIR> Seznam.cz
21.12.2015 18:38 <DIR> Skype
07.02.2017 11:33 <DIR> SumatraPDF
01.12.2016 07:48 <DIR> TeamViewer
02.12.2014 08:26 <DIR> Valve
06.05.2014 12:47 <DIR> Webteh
04.05.2014 08:50 <DIR> Windows Defender
03.05.2014 08:49 <DIR> Windows Mail
13.10.2016 06:12 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
03.05.2014 08:49 <DIR> Windows Photo Viewer
03.05.2014 08:49 <DIR> Windows Portable Devices
03.05.2014 08:49 <DIR> Windows Sidebar
06.11.2015 19:07 <DIR> WinPcap
Souborů: 0, Bajtů: 0
Adresářů: 57, Volných bajtů: 9 747 333 120

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\PROGRA~3

18.02.2017 19:28 <DIR> .
18.02.2017 19:28 <DIR> ..
23.11.2015 09:50 <DIR> Adobe
23.04.2014 19:38 <DIR> ArcSoft
04.02.2017 15:10 <DIR> Ashampoo
13.10.2016 22:41 <DIR> EA Core
12.02.2015 18:30 <DIR> Electronic Arts
14.12.2015 19:38 <DIR> Exfo
13.02.2017 10:02 <DIR> Fighters
04.02.2017 18:10 <DIR> GridinSoft
15.05.2014 07:52 <DIR> HP
15.05.2014 07:52 <DIR> HP Product Assistant
19.12.2015 04:37 4 818 hpzinstall.log
06.02.2017 09:05 <DIR> IObit
06.05.2015 20:50 <DIR> LGMOBILEAX
06.02.2017 08:23 <DIR> Malwarebytes
15.12.2016 08:24 <DIR> Microsoft Help
15.09.2016 11:13 <DIR> Nanosoft
01.03.2017 07:52 <DIR> NVIDIA
23.12.2016 13:01 <DIR> NVIDIA Corporation
01.03.2017 12:45 <DIR> Oracle
05.08.2016 21:00 <DIR> Origin
14.12.2015 19:40 <DIR> SafeNet Sentinel
26.12.2014 17:59 <DIR> Samsung
21.12.2015 18:39 <DIR> Skype
29.12.2015 20:50 <DIR> Steam
06.02.2017 11:42 <DIR> TEMP
18.02.2017 17:48 <DIR> VS Revo Group
22.04.2014 13:01 <DIR> WEBREG
09.05.2014 20:15 <DIR> Zoner
Souborů: 1, Bajtů: 4 818
Adresářů: 29, Volných bajtů: 9 747 333 120

========= End of CMD: =========


========= dir "%localappdata%" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\Users\DOMA\AppData\Local

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
10.11.2016 11:02 <DIR> Activision
23.11.2015 09:56 <DIR> Adobe
10.10.2016 07:36 <DIR> ApplicationHistory
18.04.2014 12:55 <DIR> Apps
22.04.2014 19:34 <DIR> ArcSoft
28.04.2014 13:03 <DIR> ashampoo
23.11.2015 09:56 <DIR> CEF
07.02.2017 09:23 <DIR> cmsiex
18.02.2017 20:06 <DIR> CrashDumps
18.04.2014 12:55 <DIR> Deployment
15.02.2017 08:29 <DIR> Diagnostics
02.12.2014 10:18 <DIR> Downloaded Installations
20.01.2016 17:00 <DIR> ElevatedDiagnostics
06.02.2017 11:53 <DIR> ESET
14.12.2015 20:17 <DIR> EXFO Inc
14.12.2015 20:16 <DIR> EXFO_Inc
10.10.2016 07:35 92 fusioncache.dat
11.10.2016 13:47 109 568 GDIPFONTCACHEV1.DAT
14.02.2017 12:10 <DIR> GHISLER
09.05.2014 13:39 <DIR> GIANTS Editor 64bit 5.0.3
12.10.2015 10:00 <DIR> GIANTS Editor 64bit 6.0.3
12.10.2015 10:00 <DIR> GIANTSPackageRegistry
20.02.2017 13:21 <DIR> Google
20.12.2016 08:48 <DIR> GscWare
06.11.2015 22:08 <DIR> gtk-2.0
02.06.2015 07:57 <DIR> GWX
22.01.2017 20:07 <DIR> Hisuite
22.04.2014 13:01 <DIR> HP
02.12.2016 09:10 <DIR> LightComp
21.04.2014 09:33 <DIR> Macromedia
22.04.2016 09:40 <DIR> MathWorks
04.02.2017 15:33 <DIR> Microsoft
07.02.2015 11:25 <DIR> Microsoft Games
01.04.2016 20:37 <DIR> Microsoft Help
18.02.2017 20:19 <DIR> Mozilla
22.04.2014 14:07 <DIR> NVIDIA
20.12.2016 09:11 <DIR> NVIDIA Corporation
05.08.2016 21:00 <DIR> Origin
13.05.2014 13:45 <DIR> paint.net
22.04.2014 19:33 <DIR> Programs
06.11.2015 22:52 218 recently-used.xbel
25.02.2017 11:52 7 607 resmon.resmoncfg
14.12.2015 20:17 <DIR> SafeNet Sentinel
02.12.2014 08:49 <DIR> SKIDROW
01.03.2017 12:51 <DIR> Temp
17.05.2016 12:30 <DIR> VirtualStore
18.02.2017 17:48 <DIR> VS Revo Group
06.01.2017 14:31 <DIR> Zoner
Souborů: 4, Bajtů: 117 485
Adresářů: 46, Volných bajtů: 9 747 329 024

========= End of CMD: =========


========= dir "%appdata%" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1AB0-B548.

Výpis adresáře C:\Users\DOMA\AppData\Roaming

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
06.02.2017 09:04 <DIR> Adobe
22.04.2014 19:36 <DIR> ArcSoft
28.04.2014 13:03 <DIR> Ashampoo
14.10.2016 19:19 <DIR> BSplayer PRO
19.12.2015 02:16 <DIR> CAD-KAS
13.02.2017 10:02 <DIR> Fighters
18.02.2015 20:11 <DIR> GHISLER
10.05.2014 17:21 <DIR> HP
21.11.2014 20:38 <DIR> HpUpdate
18.04.2014 08:46 <DIR> Identities
22.04.2014 19:35 <DIR> InstallShield
06.02.2017 09:04 <DIR> IObit
02.12.2016 09:10 <DIR> LightComp
21.04.2014 09:33 <DIR> Macromedia
20.04.2016 12:14 <DIR> MathWorks
14.07.2009 16:36 <DIR> Media Center Programs
28.04.2014 07:45 <DIR> Microsoft Web Folders
18.02.2017 20:13 <DIR> Mozilla
15.09.2016 11:11 <DIR> Nanosoft
12.02.2017 16:17 <DIR> Navigator
10.05.2014 16:34 <DIR> Notepad++
09.05.2014 13:39 <DIR> NVIDIA
06.02.2017 08:21 <DIR> Obsidium
12.02.2015 19:06 <DIR> Origin
20.02.2017 20:13 <DIR> Seznam.cz
27.02.2017 08:06 <DIR> Skype
22.04.2016 09:41 <DIR> Subversion
23.03.2015 20:39 <DIR> SumatraPDF
01.03.2017 12:45 <DIR> Sun
18.02.2017 20:06 <DIR> TeamViewer
20.12.2016 09:48 <DIR> Theta
04.05.2014 08:09 <DIR> URSoft
10.05.2014 08:11 <DIR> VitySoft
06.11.2015 19:40 <DIR> Wireshark
06.01.2017 14:31 <DIR> Zoner
Souborů: 0, Bajtů: 0
Adresářů: 37, Volných bajtů: 9 747 329 024

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15562775 B
Java, Flash, Steam htmlcache => 3633 B
Windows/system/drivers => 411881 B
Edge => 0 B
Chrome => 470268435 B
Firefox => 373521766 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 6844 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55443147 B
systemprofile32 => 64716334 B
LocalService => 132244 B
NetworkService => 0 B
DOMA => 14129497 B

RecycleBin => 24321096 B
EmptyTemp: => 979.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:52:17 ====

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Virus qtipr.com

#14 Post by altrok »

According to the log we have lightened the PC's load considerably - how does the PC behave now? Please post new FRST.txt and Addition.txt logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our training school.

Jenda939
Visitor
Posts: 20
Registered: 21 Feb 2017 10:23

Re: Virus qtipr.com

#15 Post by Jenda939 »

Hello, since the last change it has happened to me once that the PC froze with two browsers and one program running; otherwise it has not happened again. The Chrome browser looks fine and does not show any page at startup other than the one I set. In Firefox the Options menu still does not work, and when I open it a new tab pops up saying the address is invalid; the same happens when the browser starts. I am sending the FRST logs. Thank you for your reply.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by DOMA (administrator) on DOMA-PC (05-03-2017 09:28:32)
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-04-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2014-04-22]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-12-26]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3F7504C2-1AB7-4860-9282-9D115A4FA745}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-58790212-2234761543-3166528618-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pbbkeyzl.default
FF ProfilePath: C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default [2017-03-05]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\pbbkeyzl.default\features\{88fbf0ee-5c2e-450d-9213-41b203848864}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF HKU\S-1-5-21-58790212-2234761543-3166528618-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default [2017-03-05]
CHR Extension: (Prezentace Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-20]
CHR Extension: (Disk Google) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-20]
CHR Extension: (YouTube) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-20]
CHR Extension: (Gmail) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-10-09] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-27] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-06] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-05] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 13:06 - 2017-03-02 13:07 - 00039343 _____ C:\Users\DOMA\Desktop\Addition.txt
2017-03-02 13:05 - 2017-03-05 09:29 - 00015357 _____ C:\Users\DOMA\Desktop\FRST.txt
2017-03-01 12:50 - 2017-03-01 12:52 - 00043650 _____ C:\Users\DOMA\Desktop\Fixlog.txt
2017-03-01 12:48 - 2017-03-01 12:48 - 00000000 _____ C:\Users\DOMA\Desktop\Nový textový dokument (6).txt
2017-02-27 12:44 - 2017-03-05 09:28 - 00000000 ____D C:\FRST
2017-02-27 12:38 - 2017-02-27 12:38 - 02423296 _____ (Farbar) C:\Users\DOMA\Desktop\FRST64.exe
2017-02-25 11:52 - 2017-03-01 12:51 - 00001007 _____ C:\Users\DOMA\Desktop\firefox – zástupce.lnk
2017-02-23 13:07 - 2017-02-23 13:07 - 00021105 _____ C:\ComboFix.txt
2017-02-23 12:46 - 2017-02-23 12:46 - 00000000 _____ C:\Users\DOMA\Desktop\Nový textový dokument (5).txt
2017-02-20 13:25 - 2017-02-20 13:27 - 47281448 _____ C:\Users\DOMA\Downloads\Firefox Setup 51.0.1.exe
2017-02-20 13:13 - 2017-03-01 12:51 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-20 13:13 - 2017-03-01 12:51 - 00001286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-20 13:12 - 2017-02-20 13:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-20 13:12 - 2017-02-20 13:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-20 13:11 - 2017-02-20 13:21 - 00000000 ____D C:\Users\DOMA\AppData\Local\Google
2017-02-20 13:07 - 2017-02-20 13:11 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-02-20 13:06 - 2017-02-20 13:09 - 01129376 _____ (Google Inc.) C:\Users\DOMA\Downloads\ChromeSetup.exe
2017-02-18 20:12 - 2017-03-01 12:40 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-18 20:12 - 2017-03-01 12:40 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-18 20:12 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-18 20:12 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 20:12 - 2017-02-18 20:19 - 00000000 ____D C:\Users\DOMA\AppData\Local\Mozilla
2017-02-18 20:12 - 2017-02-18 20:13 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Mozilla
2017-02-18 20:05 - 2017-02-18 20:05 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-18 20:05 - 2017-02-18 20:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-18 20:05 - 2017-02-18 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-18 20:05 - 2017-02-18 20:05 - 00000000 ____D C:\Program Files\CCleaner
2017-02-18 18:20 - 2017-02-18 18:23 - 47281448 _____ C:\Users\DOMA\Downloads\FirefoxSetup51.0.1cz64.exe
2017-02-18 17:48 - 2017-02-18 17:48 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\Users\DOMA\AppData\Local\VS Revo Group
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-18 17:48 - 2017-02-18 17:48 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-18 17:48 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2017-02-18 17:47 - 2017-02-18 17:47 - 00000000 ____D C:\Users\DOMA\Downloads\zip001
2017-02-18 17:45 - 2017-02-18 17:46 - 11470252 _____ C:\Users\DOMA\Downloads\zip001.rar
2017-02-18 17:31 - 2017-02-18 17:32 - 09261616 _____ (Piriform Ltd) C:\Users\DOMA\Downloads\ccsetup527.exe
2017-02-14 12:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-14 12:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-14 12:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-14 12:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-14 12:11 - 2017-02-23 13:08 - 00000000 ____D C:\Qoobox
2017-02-14 12:10 - 2017-02-23 13:00 - 00000000 ____D C:\Windows\erdnt
2017-02-14 12:10 - 2017-02-14 12:10 - 00000000 ____D C:\Users\DOMA\AppData\Local\GHISLER
2017-02-14 12:09 - 2017-02-14 12:09 - 05659775 ____R (Swearware) C:\Users\DOMA\Desktop\ComboFix.exe
2017-02-13 13:08 - 2017-02-13 13:08 - 00000000 ____D C:\zoek
2017-02-13 09:38 - 2017-02-13 13:09 - 00002928 _____ C:\runcheck.txt
2017-02-12 17:46 - 2017-02-12 19:20 - 1340905472 _____ C:\Users\DOMA\Downloads\Detektiv-z-Hongkongu-2016-cz-dabing-super-komedie(Jackie-Chan).avi
2017-02-12 17:20 - 2017-02-13 10:02 - 00000000 ____D C:\zoek_backup
2017-02-12 17:19 - 2017-02-12 17:19 - 01309184 _____ C:\Users\DOMA\Desktop\zoek.exe
2017-02-12 17:03 - 2017-02-12 17:05 - 106086942 _____ C:\Users\DOMA\Documents\Firefox 51.0.1 (x86 cs) - 2017-02-12.pcv
2017-02-12 17:02 - 2017-02-12 17:02 - 00001027 _____ C:\Users\Public\Desktop\MozBackup.lnk
2017-02-12 17:02 - 2017-02-12 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2017-02-12 17:02 - 2017-02-12 17:02 - 00000000 ____D C:\Program Files (x86)\MozBackup
2017-02-12 17:01 - 2017-02-12 17:02 - 08479912 _____ C:\Users\DOMA\Downloads\MozBackup-1.5.1-EN.exe
2017-02-12 16:17 - 2017-02-12 16:17 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Navigator
2017-02-12 16:01 - 2017-02-25 09:47 - 00000000 ____D C:\AdwCleaner
2017-02-12 15:53 - 2017-02-12 15:54 - 04015056 _____ C:\Users\DOMA\Desktop\adwcleaner_6.043.exe
2017-02-12 15:46 - 2017-02-12 15:46 - 00012064 _____ C:\Users\DOMA\Desktop\JRT.txt
2017-02-12 15:41 - 2017-02-12 15:41 - 01663040 _____ (Malwarebytes) C:\Users\DOMA\Desktop\JRT.exe
2017-02-06 11:53 - 2017-02-06 11:53 - 00000000 ____D C:\Users\DOMA\AppData\Local\ESET
2017-02-06 09:20 - 2017-02-13 11:19 - 00000008 __RSH C:\Users\DOMA\ntuser.pol
2017-02-06 09:05 - 2017-02-06 09:06 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\IObit
2017-02-06 09:05 - 2017-02-06 09:05 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-06 09:05 - 2017-02-06 09:05 - 00000000 ____D C:\Windows\IObit
2017-02-06 09:05 - 2017-02-06 09:05 - 00000000 ____D C:\ProgramData\IObit
2017-02-06 09:04 - 2017-02-06 09:04 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\IObit
2017-02-06 09:04 - 2017-02-06 09:04 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-06 09:02 - 2017-02-06 09:02 - 00001374 ____N C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk
2017-02-06 09:02 - 2017-02-06 09:02 - 00001200 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk
2017-02-06 09:02 - 2017-02-06 09:02 - 00001126 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
2017-02-06 08:21 - 2017-02-06 08:21 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Obsidium
2017-02-06 08:12 - 2017-03-05 08:32 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 08:12 - 2017-02-19 21:32 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-06 08:12 - 2017-02-15 08:26 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-06 08:12 - 2017-02-14 08:53 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-06 08:12 - 2017-02-14 08:53 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-06 08:12 - 2017-02-06 08:12 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-06 08:12 - 2017-02-06 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-06 08:11 - 2017-03-03 20:26 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-06 08:11 - 2017-02-06 08:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-06 08:11 - 2017-02-06 08:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-05 13:51 - 2017-02-05 15:12 - 952975660 _____ C:\Users\DOMA\Desktop\Drak-přichází-CZ-Dabing-Akční-_-Krimi,-Hong-Kong-_-USA,-1973-Bruce-Lee....ID_-154291.avi
2017-02-04 18:10 - 2017-02-04 18:10 - 00000000 ____D C:\ProgramData\GridinSoft
2017-02-04 15:31 - 2017-02-07 20:15 - 00000000 ____D C:\Program Files\BitTorrent
2017-02-04 15:11 - 2017-02-04 15:11 - 00001461 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 14 Compact Mode.lnk
2017-02-04 15:11 - 2017-02-04 15:11 - 00001299 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 14.lnk
2017-02-04 15:11 - 2017-02-04 15:11 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-04 15:11 - 2017-02-04 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-04 15:10 - 2017-02-04 15:10 - 00000000 ____D C:\Program Files (x86)\Ashampoo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 09:28 - 2016-11-18 07:24 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\Mozilla
2017-03-05 08:55 - 2014-05-06 06:29 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-05 08:43 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 08:43 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 08:30 - 2014-04-22 14:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 08:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 18:07 - 2015-12-21 18:39 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Skype
2017-03-01 12:52 - 2014-05-14 20:38 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\Temp
2017-03-01 12:45 - 2016-04-02 15:34 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Sun
2017-03-01 12:45 - 2016-04-02 15:32 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\Oracle
2017-03-01 12:45 - 2014-05-09 20:42 - 00000000 ____D C:\ProgramData\Oracle
2017-03-01 12:45 - 2014-05-09 20:39 - 00000000 ____D C:\Users\DOMA\AppData\LocalLow\Sun
2017-03-01 08:04 - 2015-11-23 09:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-25 11:52 - 2014-04-18 13:00 - 00007607 _____ C:\Users\DOMA\AppData\Local\resmon.resmoncfg
2017-02-23 17:41 - 2014-04-30 14:23 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 17:40 - 2014-04-30 14:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 13:03 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-21 09:36 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-20 20:13 - 2016-05-16 11:38 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Seznam.cz
2017-02-20 13:13 - 2014-04-18 12:55 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-19 21:15 - 2014-04-18 08:47 - 00001429 _____ C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-18 20:06 - 2015-11-19 18:26 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\TeamViewer
2017-02-18 20:06 - 2014-09-16 19:37 - 00000000 ____D C:\Windows\Minidump
2017-02-18 20:06 - 2014-05-10 22:18 - 00000000 ____D C:\Users\DOMA\AppData\Local\CrashDumps
2017-02-18 20:06 - 2014-04-18 09:38 - 00000000 ____D C:\Windows\Panther
2017-02-18 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-18 19:21 - 2014-05-01 20:08 - 00002804 _____ C:\Users\DOMA\Desktop\Nový textový dokument.txt
2017-02-18 18:16 - 2015-05-06 20:28 - 00000831 ____H C:\Users\DOMA\Desktop\LGMobile Support Tool.lnk
2017-02-18 10:47 - 2009-07-14 16:18 - 00681390 _____ C:\Windows\system32\perfh005.dat
2017-02-18 10:47 - 2009-07-14 16:18 - 00148224 _____ C:\Windows\system32\perfc005.dat
2017-02-18 10:47 - 2009-07-14 06:13 - 01622780 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 08:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-14 19:57 - 2014-05-06 06:29 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 19:57 - 2014-04-21 09:32 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 19:57 - 2014-04-21 09:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 19:57 - 2014-04-21 09:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 19:57 - 2014-04-21 09:32 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 11:19 - 2014-04-18 08:46 - 00000000 ____D C:\Users\DOMA
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Fighters
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
2017-02-13 10:02 - 2014-04-30 13:22 - 00000000 ____D C:\Program Files (x86)\Fighters
2017-02-13 10:02 - 2014-04-30 13:21 - 00000000 ____D C:\ProgramData\Fighters
2017-02-13 10:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-02-07 11:33 - 2015-03-12 18:48 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2017-02-07 11:32 - 2015-03-05 20:06 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2017-02-07 11:24 - 2015-04-17 13:12 - 00000000 ____D C:\Program Files (x86)\Blazers
2017-02-07 09:23 - 2015-04-17 13:12 - 00000000 ____D C:\Users\DOMA\AppData\Local\cmsiex
2017-02-06 11:42 - 2014-05-04 08:09 - 00000000 ____D C:\ProgramData\TEMP
2017-02-06 09:04 - 2014-04-21 09:33 - 00000000 ____D C:\Users\DOMA\AppData\Roaming\Adobe
2017-02-06 09:02 - 2014-06-09 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2017-02-04 15:10 - 2014-04-28 13:01 - 00000000 ____D C:\ProgramData\Ashampoo

==================== Files in the root of some directories =======

2016-10-10 07:35 - 2016-10-10 07:35 - 0000092 _____ () C:\Users\DOMA\AppData\Local\fusioncache.dat
2015-11-06 22:52 - 2015-11-06 22:52 - 0000218 _____ () C:\Users\DOMA\AppData\Local\recently-used.xbel
2014-04-18 13:00 - 2017-02-25 11:52 - 0007607 _____ () C:\Users\DOMA\AppData\Local\resmon.resmoncfg
2014-04-21 15:03 - 2015-12-19 04:37 - 0004818 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 16:16

==================== End of FRST.txt ============================

Locked
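The "Bamital & volsnap" section of the FRST log above is the tool's Authenticode check over the core Windows binaries that file infectors of the Bamital family are known to patch (winlogon.exe, wininit.exe, explorer.exe, svchost.exe and friends) plus the volsnap.sys driver. The PowerShell script below is an added example, not part of the original post and not FRST's own code: it re-runs the same check on the same file list so a helper can confirm the result independently, and it carries the one caveat that matters on this Windows 7 machine. The file list, the `Test-CoreBinarySignatures` function name and the "Microsoft in the signer subject" heuristic are the example's own assumptions.

```powershell
# Added example: re-check the Authenticode status of the same core binaries
# that FRST lists under "Bamital & volsnap". Not part of FRST or of the post.
# Written to run on PowerShell 2.0 (Windows 7) as well as newer versions.

$files = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CoreBinarySignatures {
    param([string[]]$Paths)

    foreach ($p in $Paths) {
        if (-not (Test-Path -Path $p)) {
            New-Object PSObject -Property @{
                Path = $p; Status = 'Missing'; Signer = $null; Note = 'file not present'
            }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Interpretation (heuristic, assumption of this example):
        #  - Valid + Microsoft signer      : what FRST reports as "File is digitally signed"
        #  - Valid + non-Microsoft signer  : a replaced binary with someone else's signature
        #  - HashMismatch                  : the file was patched after signing (the Bamital case)
        #  - NotSigned                     : see caveat below before concluding anything
        $note = ''
        if ($sig.Status -eq 'Valid' -and $signer -notmatch 'Microsoft') {
            $note = 'valid signature but not a Microsoft signer: investigate'
        } elseif ($sig.Status -eq 'HashMismatch') {
            $note = 'image bytes do not match the signature: treat as patched'
        } elseif ($sig.Status -eq 'NotSigned') {
            # Caveat: on Windows 7 / PowerShell 2.0 this cmdlet does not consult the
            # security catalogs, and most system binaries are catalog-signed rather
            # than carrying an embedded signature, so they show up as NotSigned here.
            # Confirm with "sfc /verifyfile=<path>" before calling the file tampered.
            $note = 'no embedded signature: confirm with sfc /verifyfile before judging'
        } elseif ($sig.Status -ne 'Valid') {
            $note = "signature check failed ($($sig.Status)): investigate"
        }

        New-Object PSObject -Property @{
            Path = $p; Status = $sig.Status; Signer = $signer; Note = $note
        }
    }
}

Test-CoreBinarySignatures -Paths $files |
    Select-Object Path, Status, Signer, Note |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. The Windows 7 caveat is the reason the script does not simply flag every non-`Valid` status as an infection: on that platform `Get-AuthenticodeSignature` reports catalog-signed files as `NotSigned`, so the authoritative fallback is `sfc /verifyfile=C:\Windows\system32\winlogon.exe` (one file at a time) or `sfc /scannow`, both of which compare against the component store rather than an embedded signature. A `HashMismatch` result, by contrast, is conclusive on any version and is the state a patched binary of the kind FRST's section is looking for would show.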