RSA 4096

vaciky
Visitor
Posts: 15
Registered: 24 Jan 2015 20:34

RSA 4096

#1 Post by vaciky »

Hello, I looked for this topic but did not find it. Please, does anyone know, or have instructions for, how to remove RSA 4096?

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#2 Post by Rudy »

Greetings!
RSA 4096 is ransomware, a piece of junk that can encrypt your documents, or even the whole PC. We can clean the PC for you (if it is accessible), but we will not decrypt your documents. That requires direct access to the PC, which we do not have legally covered. If you like, post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can also damage the system!

vaciky
Visitor
Posts: 15
Registered: 24 Jan 2015 20:34

Re: RSA 4096

#3 Post by vaciky »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by woya (administrator) on WOYTA (23-02-2017 11:25:20)
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1475344 2016-03-24] (Lavasoft)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Steam] => "C:\Users\woya\Desktop\Nová složka\steam.exe" -silent
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [GSplay.exe] => C:\Users\woya\Desktop\GSplay.exe
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\woya\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-07] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9D8B0457-CB80-45F2-93FC-226FF32ED990}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {07DABBBB-7C71-43CD-9A0B-38218CEB43CD} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {20A794BE-539A-4ABE-905E-BF7262C67DA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {35F1F2F5-6E9B-4FA5-9365-06DE685EC9F6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {4676566E-8E36-47B1-AC52-289DD87C7642} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {7FF58829-AE7D-4698-88BB-44079369A2F9} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {8BBC4653-7911-4317-8A75-C5E56D3170AC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {9814D5FA-946F-4F51-80CC-417F8AE0ABD5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_150907__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C7F25AC1-915D-414D-B4E2-19DE7550F76E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {F0473FF6-D974-430F-843B-597BE706BBA0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Prezentace Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Dokumenty Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Disk Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (Seznam Lištička - Email) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-22]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-22]
CHR Extension: (YouTube) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Tabulky Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-22]
CHR Extension: (Gmail) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-24] (Lavasoft Limited)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-03-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-09-08] (Disc Soft Ltd)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 11:25 - 2017-02-23 11:26 - 00020011 _____ C:\Users\woya\Downloads\FRST.txt
2017-02-23 11:25 - 2017-02-23 11:25 - 00000000 ____D C:\FRST
2017-02-23 11:23 - 2017-02-23 11:23 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 01107968 _____ C:\Users\woya\Downloads\RSIT.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-22 18:18 - 2017-02-22 18:18 - 01324032 _____ C:\Users\woya\Downloads\RSITx64 (1).exe
2017-02-22 18:13 - 2017-02-22 18:13 - 01222144 _____ C:\Users\woya\Downloads\RSITx64.exe
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\rsit
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\Program Files\trend micro
2017-02-22 17:12 - 2017-02-22 17:12 - 00023032 _____ (Wiper Software) C:\WINDOWS\system32\wiperrm.exe
2017-02-22 17:12 - 2017-02-22 17:12 - 00003278 _____ C:\WINDOWS\System32\Tasks\WiperSoft Startup
2017-02-22 17:12 - 2017-02-22 17:12 - 00000786 _____ C:\Users\woya\Desktop\WiperSoft.lnk
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Roaming\WiperSoft
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Local\CrashRpt
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Program Files\WiperSoft
2017-02-22 17:11 - 2017-02-22 17:11 - 01944616 _____ (WiperSoft) C:\Users\woya\Downloads\WiperSoft-installer.exe
2017-02-22 16:31 - 2017-02-22 17:32 - 00000000 ____D C:\WINDOWS\pss
2017-02-19 21:08 - 2017-02-19 21:08 - 00000791 _____ C:\Users\woya\Desktop\Start Tor Browser.lnk
2017-02-19 21:07 - 2017-02-19 21:08 - 00000000 ____D C:\Users\woya\Desktop\Tor Browser
2017-02-16 19:09 - 2017-02-20 20:09 - 00000000 ____D C:\Users\woya\Documents\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00001373 _____ C:\Users\Public\Desktop\18 WoS Extreme Trucker.lnk
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\Program Files (x86)\18 WoS Extreme Trucker
2017-02-10 17:35 - 2017-02-10 17:51 - 00000000 ____D C:\ProgramData\Nero
2017-02-10 17:28 - 2017-02-10 17:41 - 00000000 ____D C:\Users\woya\AppData\Roaming\Nero
2017-02-09 16:34 - 2017-02-10 17:40 - 00000000 ____D C:\Users\woya\Desktop\2017 cd
2017-02-05 20:22 - 2017-02-12 20:06 - 00000000 ____D C:\Users\woya\Desktop\garáž inspirace
2017-02-03 21:31 - 2017-02-03 21:31 - 00003366 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00004214 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00001153 _____ C:\Users\woya\Desktop\Avast Browser Cleanup.lnk
2017-02-03 21:30 - 2017-02-03 21:30 - 00000000 ____D C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 11:26 - 2016-04-07 20:26 - 00000000 ____D C:\Users\woya\AppData\Roaming\Seznam.cz
2017-02-23 11:26 - 2016-01-31 09:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-23 11:25 - 2015-07-29 18:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-23 11:24 - 2015-07-29 18:21 - 00000000 ____D C:\Users\woya\AppData\Local\CrashDumps
2017-02-23 11:22 - 2015-01-17 04:40 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-23 11:22 - 2015-01-17 04:40 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-23 11:22 - 2014-03-18 10:47 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-23 11:22 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-22 18:02 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 16:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 17:09 - 2015-06-14 18:55 - 00000000 ____D C:\Users\woya\Desktop\psani
2017-02-20 17:48 - 2015-08-20 19:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\vlc
2017-02-20 17:37 - 2016-10-26 19:19 - 00000000 ____D C:\Users\woya\Desktop\ok obrázky
2017-02-19 21:08 - 2016-06-21 07:44 - 00000839 _____ C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-19 20:43 - 2015-05-31 18:47 - 00000000 ____D C:\Users\woya\Desktop\obrázky
2017-02-15 14:43 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 17:34 - 2014-07-25 10:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-04 00:00 - 2015-07-29 18:04 - 00000000 ____D C:\Users\woya
2017-02-03 22:00 - 2016-03-29 17:25 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 21:38 - 2016-03-29 17:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\AVAST Software
2017-02-03 21:38 - 2016-03-29 17:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-02 17:10 - 2013-08-22 15:44 - 00381936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.txt
2016-03-29 17:25 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.png
2016-03-29 17:25 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.txt
2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.txt
2016-03-29 17:23 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.png
2016-03-29 17:24 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.txt
2016-03-29 13:31 - 2016-03-29 14:17 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.png
2016-03-29 13:31 - 2016-03-29 14:17 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.txt
2016-03-29 17:05 - 2016-03-29 18:48 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.png
2016-03-29 17:05 - 2016-03-29 18:48 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.txt
2016-03-28 17:32 - 2016-03-28 18:01 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.png
2016-03-28 17:32 - 2016-03-28 18:01 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.txt
2016-03-29 13:13 - 2016-03-29 13:21 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.png
2016-03-29 13:13 - 2016-03-29 13:21 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.txt
2015-01-17 04:48 - 2015-01-17 04:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-04-07 20:48 - 2015-11-23 18:51 - 4964056 _____ (Acer Incorporated) C:\Users\woya\AppData\Local\Temp\AcerDocsSetup.exe
2015-09-09 10:22 - 2015-09-09 10:22 - 7850088 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\BingBarSetup-Partner.exe
2015-09-08 09:16 - 2015-09-08 09:16 - 0102912 _____ () C:\Users\woya\AppData\Local\Temp\bitool.dll
2016-04-01 21:54 - 2016-04-01 21:54 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\woya\AppData\Local\Temp\COMAP.EXE
2015-05-15 14:57 - 2015-05-15 14:57 - 0027448 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0030008 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 15:30 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2016-04-07 21:02 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\FoxitUpdater.exe
2015-09-22 18:06 - 2015-09-22 18:06 - 2382216 _____ (Mooii) C:\Users\woya\AppData\Local\Temp\GoogleSetup.exe
2017-02-10 17:32 - 2014-03-20 00:55 - 1036288 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\kernel32.dll
2015-09-01 12:11 - 2015-09-01 12:11 - 0120336 _____ (McAfee, Inc.) C:\Users\woya\AppData\Local\Temp\McCSPInstall.dll
2016-03-29 18:23 - 2015-09-01 12:11 - 0162120 _____ (McAfee Inc.) C:\Users\woya\AppData\Local\Temp\mccspuninstall.exe
2016-01-31 08:56 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\woya\AppData\Local\Temp\MSETUP4.EXE
2015-12-11 18:02 - 2015-12-11 18:03 - 62903592 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\oct3A0.tmp.exe
2016-02-17 11:05 - 2016-02-17 11:06 - 63078856 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octA9B3.tmp.exe
2015-08-06 18:10 - 2015-08-06 18:20 - 67114248 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octAF19.tmp.exe
2015-10-16 20:01 - 2015-10-16 20:03 - 67197784 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB4FF.tmp.exe
2015-12-19 05:16 - 2015-12-19 05:17 - 63066872 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB55E.tmp.exe
2015-09-02 21:56 - 2015-09-02 21:58 - 67202952 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octBB15.tmp.exe
2016-03-12 23:06 - 2016-03-12 23:06 - 63142648 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octC5AF.tmp.exe
2015-12-04 20:11 - 2015-12-04 20:18 - 62760704 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octCDC7.tmp.exe
2016-03-09 09:13 - 2016-03-09 09:14 - 63143840 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octD498.tmp.exe
2015-10-30 21:49 - 2015-10-30 21:51 - 64809432 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octF860.tmp.exe
2015-05-15 14:57 - 2015-05-15 14:57 - 0033080 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0032056 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-x64.dll
2016-03-26 21:10 - 2016-03-26 21:10 - 0685568 _____ () C:\Users\woya\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
2016-07-03 15:11 - 2016-07-03 15:12 - 30533688 _____ () C:\Users\woya\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-09-25 06:00 - 2016-09-25 06:00 - 1246584 _____ (Google Inc.) C:\Users\woya\AppData\Local\Temp\{E3206134-7530-4F06-B7CC-238CD47B99DC}-53.0.2785.143_53.0.2785.116_chrome_updater.exe
2017-02-09 16:36 - 2017-02-09 16:36 - 0534528 _____ () C:\Users\woya\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 17:15

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#5 Post by vaciky »

# AdwCleaner v6.043 - Log vytvořen 23/02/2017 v 12:46:48
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-23.2 [Server]
# Operační systém : Windows 8.1 Connected (X64)
# Uživatelské jméno : woya - WOYTA
# Spuštěno z : C:\Users\woya\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: LavasoftTcpService
[-] Služba smazána: WCAssistantService


***** [ Složky ] *****

[-] Složka smazána: C:\Users\woya\AppData\Local\VirtualStore\Program Files\Booking.com
[-] Složka smazána: C:\Users\woya\AppData\Roaming\RPEng
[-] Složka smazána: C:\Users\woya\AppData\Roaming\lavasoft\web companion
[-] Složka smazána: C:\Users\woya\AppData\Roaming\WiperSoft
[-] Složka smazána: C:\Program Files\Booking.com
[-] Složka smazána: C:\Program Files\WiperSoft
[-] Složka smazána: C:\ProgramData\lavasoft\web companion
[-] Složka smazána: C:\Program Files (x86)\lavasoft\web companion
[-] Složka smazána: C:\Users\Public\Pokki


***** [ Soubory ] *****

[#] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] Soubor smazán: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[#] Soubor smazán: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] Soubor smazán: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Software Update Application


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Classes\pokki
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Classes\Tomabo.MP4Player.play
[#] Klíč smazán po restartu: HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: HKCU\Software\Classes\Tomabo.MP4Player.play
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Klíč smazán: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.flv
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.mp4
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS.1
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Tomabo.MP4Player.play
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.flv
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.mp4
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Tomabo.MP4Player.WS.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\WiperSoft
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[-] Klíč smazán: HKLM\SOFTWARE\Lavasoft\Web Companion
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[-] Klíč smazán: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easyphotoedit.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getformsonline.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myradioaccess.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.tb.ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice-cz.eu
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice-cz.eu
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easyphotoedit.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getformsonline.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myradioaccess.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.tb.ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice-cz.eu
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice-cz.eu
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[-] Hodnota smazána: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Hodnota smazána: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11696 Bajty] - [23/02/2017 12:46:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [11179 Bajty] - [23/02/2017 12:45:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11844 Bajty] ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#6 Post by Rudy »

Post a new FRST log.

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#7 Post by vaciky »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by woya (23-02-2017 18:12:37)
Running from C:\Users\woya\Downloads
Windows 8.1 Connected (Update) (X64) (2015-07-29 17:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3354066490-3795016998-3616670782-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3354066490-3795016998-3616670782-501 - Limited - Disabled)
woya (S-1-5-21-3354066490-3795016998-3616670782-1001 - Administrator - Enabled) => C:\Users\woya

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 WoS Extreme Trucker 1.01 (HKLM-x32\...\18 WoS Extreme Trucker) (Version: 1.01 - )
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Avast Browser Cleanup (HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Dostihy 3000 deluxe 1.1 (HKLM-x32\...\Dostihy 3000 deluxe) (Version: - )
FlatOut2 (HKLM-x32\...\{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MP4 Downloader 3 (HKLM-x32\...\MP4 Downloader_is1) (Version: - Tomabo)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2900 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2900 series) (Version: - ‭Canon Inc.)
Seznam Software (HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\SeznamInstall) (Version: - Seznam.cz)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM-x32\...\{aad49f43-1a84-4288-b613-935b27d0155b}) (Version: 2.3.1395.2683 - Lavasoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WiperSoft 1.1.1129.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1129.64 - WiperSoft)
Youtube Downloader 4.64 (HKLM-x32\...\Youtube Downloader_is1) (Version: - Youtube Downloader)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D5813D-E736-4F11-837A-C531554BBE00} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FFCBD1B-E841-4DDA-B426-3A529CB82FBA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {152511BA-96D0-445A-AEFD-8A54A6CC4DB1} - System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001 => C:\Users\woya\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-02-03] (AVAST Software)
Task: {26017BFB-4F6C-4228-BD0A-E1FD8088A606} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {27136821-C55F-4E62-9FC3-698136975B66} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-17] ()
Task: {2B73EEF8-E1D7-4F04-8F46-F5E3F2F2CB07} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-17] ()
Task: {35BD2535-E6F4-4E46-897B-16B0A22C1076} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {4F9519E3-FBC9-4AE5-B983-84412665942F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {54F69BC0-95C4-41A7-A6DD-B0149A610BB8} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {8D624D77-5BAB-4867-817F-0486624A853B} - System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001 => C:\Users\woya\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {9B225D04-7D76-435D-8AA5-56B887B0C34C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {A63E59BD-3FE3-4FAD-A667-7726D17D294C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {B1C45E26-4094-4479-9C0D-10D3F81ABAF1} - System32\Tasks\WiperSoft Startup => C:\Program Files\WiperSoft\WiperSoft.exe
Task: {BE22A6C3-A72F-4A5C-ACA2-631630B8B6D2} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {BF6ECB47-87D1-4AE4-AEAB-3660156A02BB} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {FFA14740-5B10-407E-A2DD-8D9DC312A8D3} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-09 16:36 - 2017-02-08 12:38 - 00079872 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\12618libfoxloader-x64.dll
2016-01-31 09:12 - 2013-06-28 16:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-04-29 11:38 - 2014-04-29 11:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 11:35 - 2014-04-29 11:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 11:42 - 2014-04-29 11:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-04-07 20:27 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-04-07 20:27 - 2017-02-08 12:39 - 00080576 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2015-07-17 13:39 - 2015-07-17 13:39 - 04612448 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2015-07-17 13:40 - 2015-07-17 13:40 - 00013664 _____ () C:\Program Files (x86)\Acer\Care Center\LogDebug.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00177504 _____ () C:\Program Files (x86)\Acer\Care Center\ACCUtilities.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00025440 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorDataHelper.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00018784 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00026464 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorControlLib.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00065888 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACCSupportMonitor.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00042336 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACtCTuneUpMonitorDisk.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00016224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCADSManager.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 01744224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin\ACCTuneUpPlg.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00019296 _____ () C:\Program Files (x86)\Acer\Care Center\ACCNotifyShow.dll
2015-07-17 13:40 - 2015-07-17 13:40 - 00013152 _____ () C:\Program Files (x86)\Acer\Care Center\FullScreenDetector.dll
2016-04-07 20:27 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-04-07 20:27 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\woya\AppData\Roaming\Seznam.cz\bin\24777libfoxloader.dll
2016-09-20 20:02 - 2016-09-20 20:02 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 14:09 - 2016-08-30 14:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 14:05 - 2016-08-30 14:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\woya\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+axnmj+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+axnmj+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+gbsft+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+gbsft+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+ppoad+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+ppoad+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+qsdah+.txt"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\StartupFolder: => "+REcovER+qsdah+.png"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\Run: => "GSplay.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A6E0E8B8-0F7E-48EC-B3BF-379632A43DBB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7C6BE4EB-52FF-45AA-9269-9FF67A95459C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{82278E7C-5DB9-486E-A1E8-B06E8F1257CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3D602074-8D86-4C00-8C67-8BAC650E4557}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C723D88F-312E-4426-81B3-3704ECD8D10B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{952B2A17-ED85-47BF-B693-77FC0844D25C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5270D993-F1FB-4EAE-8D38-52712D8588D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BEA74ED-700A-4272-9A44-EBA52E14C3DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAEF7DD4-F8BD-4813-B4EB-5112F3C199E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AC650F09-802D-4BE7-802E-708FE90381FE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{779C7489-EF91-4AB2-8CC9-F6EBD8793FD5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5324E564-9C31-434B-8F91-9BA1F820FD46}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0B510DC5-836C-4BB3-9A11-32EBDDE695FF}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{184D893A-38EB-4022-9798-B8F0F544F3BD}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{88AACC96-5109-4F27-9FB9-5426CF542A37}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{83ED3DC9-491B-4458-A3F9-BDD0CD37825A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CAC036C5-2566-4B1D-B156-8CB1A0C2901D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8B7801E1-32B2-4BE3-9963-9F5B88CD1D8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7D23B06D-FF5F-4DE9-9B8B-CE85F8AD211A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CC01E70B-EDFA-42CD-8823-0C169935BC6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B4DD6EF5-B6C1-4C01-8FE8-670FD2FF6370}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C575E886-A720-4354-AC51-1099ECA3877D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0EA76FA5-C5CA-48A4-B59F-5D67A2027A7A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{36A3F1C7-24A2-46D7-A1DD-814D6FF6C99F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{56B2D0CE-F65F-4864-B41C-9E67F42CADCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35EF9241-2D95-4429-86A1-D11E3355B9F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{726C32E7-CBB5-43B2-8965-8F441D694D11}] => (Allow) C:\Users\woya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{646D8618-A930-47FB-BF11-8CF655953197}] => (Allow) C:\Users\woya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FBCA041-03AC-481F-A52E-5A9F149389E7}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5510A360-19BF-44A7-8CA9-8F4609DAF3EA}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B3AFDE39-1F24-4E85-B26D-80A56EED1F50}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{37BB6B44-936A-4273-9234-0610BB082074}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C719ED7F-DE85-44C2-B366-C54E08FA0840}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9C3D067D-4B0E-410D-AE26-625F3F5909B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{2482F45F-CA39-46C3-B155-3BC3AAD78F65}C:\users\woya\gsplay\csko\hl.exe] => (Block) C:\users\woya\gsplay\csko\hl.exe
FirewallRules: [UDP Query User{5F5A9D60-28CC-4D22-98EE-C821FF2A9553}C:\users\woya\gsplay\csko\hl.exe] => (Block) C:\users\woya\gsplay\csko\hl.exe
FirewallRules: [{ECFD9D02-4DCA-4650-A089-74D77867A7EB}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D6E05EE6-4789-4FE9-9797-0637540DD7CA}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{5286E535-A5D9-465F-B9A8-67EFEB0C1480}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{AD961097-BDB7-4026-AA17-07E30410DAA7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{2B6D838C-CDD9-4FB6-A9BC-FF3879FF6E8D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{A0997697-D8DE-4E4B-828C-80BA688417EC}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{3936CBBF-ED6D-4738-948A-12C6A946837C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{C822E9DA-F6A9-49CE-99F3-6588B83033F1}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{3658897B-FECA-4772-A9E1-18C7CC0E166E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4Downloader.exe] => Enabled:MP4 Downloader

==================== Restore Points =========================

16-01-2017 17:05:28 Naplánovaný kontrolní bod
10-02-2017 17:32:41 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
10-02-2017 17:33:57 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
18-02-2017 10:10:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2017 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x1098
Čas spuštění chybující aplikace: 0x01d28dbee514199d
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: 3cf6d7f6-f9b2-11e6-829e-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2017 11:24:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: ACCStd.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
Zásobník:
na System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Insert(System.__Canon, System.__Canon, Boolean)
na MonitorControlLib.MonitorSelector.AddMonitorObj(MonitorControlLib.IMonitorObject)
na ACtCTuneUpDiskMonitor.MonitorPlugin.InitMonitorObjects()
na MonitorControlLib.MonitorManager.LaunchManager()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (02/22/2017 06:19:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program RSITx64.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 16ac

Čas spuštění: 01d28d2efea0ce43

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\woya\Downloads\RSITx64.exe

ID hlášení: 05e95481-f923-11e6-829e-acd1b85b8ca0

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x4de0
Čas spuštění chybující aplikace: 0x01d28acc0249831e
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: 10c658c2-f6c1-11e6-8291-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:31:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACCStd.exe, verze: 2.1.8006.0, časové razítko: 0x55a873b5
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.17055, časové razítko: 0x532954fb
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000005bf8
ID chybujícího procesu: 0x4de0
Čas spuštění chybující aplikace: 0x01d28acc0249831e
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\KERNELBASE.dll
ID zprávy: e56d9774-f6c0-11e6-8291-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2017 05:31:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: ACCStd.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
Zásobník:
na System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Insert(System.__Canon, System.__Canon, Boolean)
na MonitorControlLib.MonitorSelector.AddMonitorObj(MonitorControlLib.IMonitorObject)
na ACtCTuneUpDiskMonitor.MonitorPlugin.InitMonitorObjects()
na MonitorControlLib.MonitorManager.LaunchManager()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (02/18/2017 10:06:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/18/2017 09:51:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 56.0.2924.87 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 30cc

Čas spuštění: 01d289c407781257

Čas ukončení: 3542

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 785f680b-f5b7-11e6-8291-acd1b85b8ca0

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (02/03/2017 09:25:25 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/03/2017 09:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LiveUpdateAgent.exe, verze: 2.0.2002.0, časové razítko: 0x550985aa
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007fff16d416b4
ID chybujícího procesu: 0x1e34
Čas spuštění chybující aplikace: 0x01d27e58b79aade1
Cesta k chybující aplikaci: C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 11d64128-ea4c-11e6-828e-acd1b85b8ca0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/23/2017 12:58:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070003): Microsoft.ZuneMusic.

Error: (02/23/2017 12:58:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070003): Microsoft.Office.OneNote.

Error: (02/23/2017 12:46:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba User Experience Improvement Program byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Quick Access RadioMgr Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ePower Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Quick Access Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/23/2017 12:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba WC Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-03-30 00:16:34.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 27%
Total physical RAM: 3977.98 MB
Available physical RAM: 2899.33 MB
Total Virtual: 6793.98 MB
Available Virtual: 5514.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.63 GB) (Free:84.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5D888E7)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#8 Post by Rudy »

I still need the FRST log. This is only the Additional one.

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#9 Post by vaciky »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by woya (administrator) on WOYTA (24-02-2017 12:58:55)
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\woya\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\woya\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [Steam] => "C:\Users\woya\Desktop\Nová složka\steam.exe" -silent
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [GSplay.exe] => C:\Users\woya\Desktop\GSplay.exe
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\woya\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\woya\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9D8B0457-CB80-45F2-93FC-226FF32ED990}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {07DABBBB-7C71-43CD-9A0B-38218CEB43CD} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {20A794BE-539A-4ABE-905E-BF7262C67DA1} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {35F1F2F5-6E9B-4FA5-9365-06DE685EC9F6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {4676566E-8E36-47B1-AC52-289DD87C7642} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {7FF58829-AE7D-4698-88BB-44079369A2F9} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {8BBC4653-7911-4317-8A75-C5E56D3170AC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {9814D5FA-946F-4F51-80CC-417F8AE0ABD5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {C7F25AC1-915D-414D-B4E2-19DE7550F76E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {F0473FF6-D974-430F-843B-597BE706BBA0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_FF.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Prezentace Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Dokumenty Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Disk Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (Seznam Lištička - Email) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-02-22]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-02-22]
CHR Extension: (YouTube) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Tabulky Google) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-02-22]
CHR Extension: (Gmail) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\woya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [315376 2014-06-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-09-08] (Disc Soft Ltd)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 12:54 - 2017-02-24 12:54 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64 (2).exe
2017-02-24 12:53 - 2017-02-24 12:53 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64 (1).exe
2017-02-23 18:09 - 2017-02-23 18:09 - 00000000 ____D C:\Users\woya\Downloads\FRST-OlderVersion
2017-02-23 12:42 - 2017-02-23 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-23 12:42 - 2017-02-23 12:42 - 04015056 _____ C:\Users\woya\Downloads\adwcleaner_6.043.exe
2017-02-23 11:28 - 2017-02-24 12:57 - 00037999 _____ C:\Users\woya\Downloads\Addition.txt
2017-02-23 11:25 - 2017-02-24 12:58 - 00017957 _____ C:\Users\woya\Downloads\FRST.txt
2017-02-23 11:25 - 2017-02-24 12:58 - 00000000 ____D C:\FRST
2017-02-23 11:23 - 2017-02-23 18:09 - 02423296 _____ (Farbar) C:\Users\woya\Downloads\FRST64.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 01107968 _____ C:\Users\woya\Downloads\RSIT.exe
2017-02-22 18:20 - 2017-02-22 18:20 - 00000000 ____D C:\Program Files (x86)\trend micro
2017-02-22 18:18 - 2017-02-22 18:18 - 01324032 _____ C:\Users\woya\Downloads\RSITx64 (1).exe
2017-02-22 18:13 - 2017-02-22 18:13 - 01222144 _____ C:\Users\woya\Downloads\RSITx64.exe
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\rsit
2017-02-22 18:13 - 2017-02-22 18:13 - 00000000 ____D C:\Program Files\trend micro
2017-02-22 17:12 - 2017-02-22 17:12 - 00023032 _____ (Wiper Software) C:\WINDOWS\system32\wiperrm.exe
2017-02-22 17:12 - 2017-02-22 17:12 - 00003278 _____ C:\WINDOWS\System32\Tasks\WiperSoft Startup
2017-02-22 17:12 - 2017-02-22 17:12 - 00000786 _____ C:\Users\woya\Desktop\WiperSoft.lnk
2017-02-22 17:12 - 2017-02-22 17:12 - 00000000 ____D C:\Users\woya\AppData\Local\CrashRpt
2017-02-22 17:11 - 2017-02-22 17:11 - 01944616 _____ (WiperSoft) C:\Users\woya\Downloads\WiperSoft-installer.exe
2017-02-22 16:31 - 2017-02-22 17:32 - 00000000 ____D C:\WINDOWS\pss
2017-02-19 21:08 - 2017-02-19 21:08 - 00000791 _____ C:\Users\woya\Desktop\Start Tor Browser.lnk
2017-02-19 21:07 - 2017-02-19 21:08 - 00000000 ____D C:\Users\woya\Desktop\Tor Browser
2017-02-16 19:09 - 2017-02-20 20:09 - 00000000 ____D C:\Users\woya\Documents\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00001373 _____ C:\Users\Public\Desktop\18 WoS Extreme Trucker.lnk
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\Program Files (x86)\18 WoS Extreme Trucker
2017-02-10 17:35 - 2017-02-10 17:51 - 00000000 ____D C:\ProgramData\Nero
2017-02-10 17:28 - 2017-02-10 17:41 - 00000000 ____D C:\Users\woya\AppData\Roaming\Nero
2017-02-09 16:34 - 2017-02-10 17:40 - 00000000 ____D C:\Users\woya\Desktop\2017 cd
2017-02-05 20:22 - 2017-02-12 20:06 - 00000000 ____D C:\Users\woya\Desktop\garáž inspirace
2017-02-03 21:31 - 2017-02-03 21:31 - 00003366 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00004214 _____ C:\WINDOWS\System32\Tasks\avast! BCU UpdateS-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-03 21:30 - 2017-02-03 21:30 - 00001153 _____ C:\Users\woya\Desktop\Avast Browser Cleanup.lnk
2017-02-03 21:30 - 2017-02-03 21:30 - 00000000 ____D C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 12:54 - 2015-01-17 04:40 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-24 12:54 - 2015-01-17 04:40 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-24 12:54 - 2014-03-18 10:47 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 12:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-23 12:53 - 2016-04-07 20:26 - 00000000 ____D C:\Users\woya\AppData\Roaming\Seznam.cz
2017-02-23 12:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 12:46 - 2015-09-07 20:42 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-23 12:45 - 2015-09-07 20:42 - 00000000 ____D C:\Users\woya\AppData\Roaming\Lavasoft
2017-02-23 11:40 - 2015-07-29 18:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3354066490-3795016998-3616670782-1001
2017-02-23 11:26 - 2016-01-31 09:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-23 11:24 - 2015-07-29 18:21 - 00000000 ____D C:\Users\woya\AppData\Local\CrashDumps
2017-02-22 16:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 17:09 - 2015-06-14 18:55 - 00000000 ____D C:\Users\woya\Desktop\psani
2017-02-20 17:48 - 2015-08-20 19:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\vlc
2017-02-20 17:37 - 2016-10-26 19:19 - 00000000 ____D C:\Users\woya\Desktop\ok obrázky
2017-02-19 21:08 - 2016-06-21 07:44 - 00000839 _____ C:\Users\woya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-19 20:43 - 2015-05-31 18:47 - 00000000 ____D C:\Users\woya\Desktop\obrázky
2017-02-15 14:43 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 17:34 - 2014-07-25 10:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-04 00:00 - 2015-07-29 18:04 - 00000000 ____D C:\Users\woya
2017-02-03 22:00 - 2016-03-29 17:25 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 21:38 - 2016-03-29 17:18 - 00000000 ____D C:\Users\woya\AppData\Roaming\AVAST Software
2017-02-03 21:38 - 2016-03-29 17:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-02 17:10 - 2013-08-22 15:44 - 00381936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 21:30 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+axnmj+.txt
2016-03-29 17:25 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.png
2016-03-29 17:25 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\+REcovER+qsdah+.txt
2016-03-29 13:42 - 2016-03-29 14:19 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.png
2016-03-29 13:42 - 2016-03-29 14:19 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+axnmj+.txt
2016-03-29 17:23 - 2016-03-29 18:50 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.png
2016-03-29 17:24 - 2016-03-29 18:50 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+gbsft+.txt
2016-03-28 18:02 - 2016-03-28 18:02 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.png
2016-03-28 18:02 - 2016-03-28 18:02 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+ppoad+.txt
2016-03-29 13:22 - 2016-03-29 13:22 - 0038334 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.png
2016-03-29 13:22 - 2016-03-29 13:22 - 0001041 _____ () C:\Users\woya\AppData\Roaming\Microsoft\+REcovER+qsdah+.txt
2016-03-29 13:31 - 2016-03-29 14:17 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.png
2016-03-29 13:31 - 2016-03-29 14:17 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+axnmj+.txt
2016-03-29 17:05 - 2016-03-29 18:48 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.png
2016-03-29 17:05 - 2016-03-29 18:48 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+gbsft+.txt
2016-03-28 17:32 - 2016-03-28 18:01 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.png
2016-03-28 17:32 - 2016-03-28 18:01 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+ppoad+.txt
2016-03-29 13:13 - 2016-03-29 13:21 - 0038334 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.png
2016-03-29 13:13 - 2016-03-29 13:21 - 0001041 _____ () C:\Users\woya\AppData\Local\+REcovER+qsdah+.txt
2015-01-17 04:48 - 2015-01-17 04:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-04-07 20:48 - 2015-11-23 18:51 - 4964056 _____ (Acer Incorporated) C:\Users\woya\AppData\Local\Temp\AcerDocsSetup.exe
2015-09-09 10:22 - 2015-09-09 10:22 - 7850088 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\BingBarSetup-Partner.exe
2015-09-08 09:16 - 2015-09-08 09:16 - 0102912 _____ () C:\Users\woya\AppData\Local\Temp\bitool.dll
2016-04-01 21:54 - 2016-04-01 21:54 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\woya\AppData\Local\Temp\COMAP.EXE
2015-05-15 14:57 - 2015-05-15 14:57 - 0027448 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0030008 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 15:30 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2016-04-07 21:02 - 2014-06-19 17:42 - 7031360 _____ (Foxit Corporation) C:\Users\woya\AppData\Local\Temp\FoxitUpdater.exe
2015-09-22 18:06 - 2015-09-22 18:06 - 2382216 _____ (Mooii) C:\Users\woya\AppData\Local\Temp\GoogleSetup.exe
2017-02-10 17:32 - 2014-03-20 00:55 - 1036288 _____ (Microsoft Corporation) C:\Users\woya\AppData\Local\Temp\kernel32.dll
2015-09-01 12:11 - 2015-09-01 12:11 - 0120336 _____ (McAfee, Inc.) C:\Users\woya\AppData\Local\Temp\McCSPInstall.dll
2016-03-29 18:23 - 2015-09-01 12:11 - 0162120 _____ (McAfee Inc.) C:\Users\woya\AppData\Local\Temp\mccspuninstall.exe
2016-01-31 08:56 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\woya\AppData\Local\Temp\MSETUP4.EXE
2015-12-11 18:02 - 2015-12-11 18:03 - 62903592 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\oct3A0.tmp.exe
2016-02-17 11:05 - 2016-02-17 11:06 - 63078856 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octA9B3.tmp.exe
2015-08-06 18:10 - 2015-08-06 18:20 - 67114248 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octAF19.tmp.exe
2015-10-16 20:01 - 2015-10-16 20:03 - 67197784 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB4FF.tmp.exe
2015-12-19 05:16 - 2015-12-19 05:17 - 63066872 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octB55E.tmp.exe
2015-09-02 21:56 - 2015-09-02 21:58 - 67202952 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octBB15.tmp.exe
2016-03-12 23:06 - 2016-03-12 23:06 - 63142648 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octC5AF.tmp.exe
2015-12-04 20:11 - 2015-12-04 20:18 - 62760704 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octCDC7.tmp.exe
2016-03-09 09:13 - 2016-03-09 09:14 - 63143840 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octD498.tmp.exe
2015-10-30 21:49 - 2015-10-30 21:51 - 64809432 _____ (SweetLabs,Inc.) C:\Users\woya\AppData\Local\Temp\octF860.tmp.exe
2015-05-15 14:57 - 2015-05-15 14:57 - 0033080 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 14:57 - 2015-05-15 14:57 - 0032056 _____ (AVG Technologies) C:\Users\woya\AppData\Local\Temp\SDShelEx-x64.dll
2016-03-26 21:10 - 2016-03-26 21:10 - 0685568 _____ () C:\Users\woya\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
2016-07-03 15:11 - 2016-07-03 15:12 - 30533688 _____ () C:\Users\woya\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-09-25 06:00 - 2016-09-25 06:00 - 1246584 _____ (Google Inc.) C:\Users\woya\AppData\Local\Temp\{E3206134-7530-4F06-B7CC-238CD47B99DC}-53.0.2785.143_53.0.2785.116_chrome_updater.exe
2017-02-09 16:36 - 2017-02-09 16:36 - 0534528 _____ () C:\Users\woya\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 17:15

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\Users\woya\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)

EmptyTemp:
End
Save it to C:\Users\woya\Downloads desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#11 Post by vaciky »

Hello, the log did not appear. Did you mean to save it to the Downloads folder or directly to the desktop?

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#12 Post by vaciky »

Sorry, this is probably it:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by woya (24-02-2017 14:34:38) Run:2
Running from C:\Users\woya\Downloads
Loaded Profiles: woya (Available Profiles: woya & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {34852885-5583-11e5-8263-acd1b85b8ca0} - "E:\Autorun.exe"
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\...\MountPoints2: {5deba2d2-560f-11e5-8265-acd1b85b8ca0} - "G:\Install.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files (x86)\Tomabo\MP4 Downloader\MP4D_GC.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\Users\woya\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d11.dll => No File <==== ATTENTION
Task: {0E584EB4-44EB-4EFF-AF8F-18FECFC02980} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {0FC5BAE0-D1E0-4907-921A-C998C4706788} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)

EmptyTemp:
End
*****************

HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34852885-5583-11e5-8263-acd1b85b8ca0} => key not found.
HKCR\CLSID\{34852885-5583-11e5-8263-acd1b85b8ca0} => key not found.
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5deba2d2-560f-11e5-8265-acd1b85b8ca0} => key not found.
HKCR\CLSID\{5deba2d2-560f-11e5-8265-acd1b85b8ca0} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
oolbar: HKU\S-1-5-21-3354066490-3795016998-3616670782-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\glhecpdglaanfgdgcefipbokcmenleaf => key not found.
aswVmm => service not found.
"C:\ProgramData\DP45977C.lfl" => not found.
C:\Users\woya\AppData\Local\Temp => moved successfully
HKU\S-1-5-21-3354066490-3795016998-3616670782-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E584EB4-44EB-4EFF-AF8F-18FECFC02980} => key not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC5BAE0-D1E0-4907-921A-C998C4706788} => key not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6336167 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1732 B
Edge => 0 B
Chrome => 8975976 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -650 B
woya => 20129 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 22.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:34:41 ====

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#13 Post by Rudy »

It should be OK.

vaciky
Visitor
Posts: 15
Joined: 24 Jan 2015 20:34

Re: RSA 4096

#14 Post by vaciky »

Thank you for the help. Do you know where I could have picked it up? I do use an antivirus program.

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096

#15 Post by Rudy »

Ransomware exists in many variants, so the AV may not even have known this one.