USB KEY - location: cmd (C:\Windows\System32) ????

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

#16 Post by JaRon »

Use a fixlist.
Save it in Notepad as fixlist.txt:

Code:

Start
CloseProcesses:
CreateRestorePoint:
C:\Users\Kamil\AppData\Roaming\skype.exe
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit



EmptyTemp:
Reboot:
End
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

#17 Post by kamistr »

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Kamil (22-06-2017 12:38:32) Run:1
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
C:\Users\Kamil\AppData\Roaming\skype.exe
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs"
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs"
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs"
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs"
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" ..
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
O4 - Startup: 8424898cc4c927994d288319a361b825.exe
O4 - Startup: Launch_Manager.vbs
O4 - Startup: tmp453B.tmp.vbs
O4 - Startup: tmp9F3E.tmp.vbs
O4 - Startup: tmpB731.tmp.vbs
O4 - Startup: tmpBE24.tmp.vbs
O4 - Startup: windows.vbs
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
2017-05-24 17:47:09 ----A---- C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-05-24 17:43:35 ----D---- C:\ProgramData\IObit



EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Kamil\AppData\Roaming\skype.exe => moved successfully
F3 - REG:win.ini: load=C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" .. => Error: No automatic fix found for this entry.
O4 - HKLM\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [tmpB731] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [Microsoft Office] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [javaupdate] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [tmp9F3E] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [tmpBE24] wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [8424898cc4c927994d288319a361b825] "C:\Users\Kamil\AppData\Roaming\skype.exe" .. => Error: No automatic fix found for this entry.
O4 - HKCU\..\Run: [tmp453B] wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs" => Error: No automatic fix found for this entry.
O4 - Startup: 8424898cc4c927994d288319a361b825.exe => Error: No automatic fix found for this entry.
O4 - Startup: Launch_Manager.vbs => Error: No automatic fix found for this entry.
O4 - Startup: tmp453B.tmp.vbs => Error: No automatic fix found for this entry.
O4 - Startup: tmp9F3E.tmp.vbs => Error: No automatic fix found for this entry.
O4 - Startup: tmpB731.tmp.vbs => Error: No automatic fix found for this entry.
O4 - Startup: tmpBE24.tmp.vbs => Error: No automatic fix found for this entry.
O4 - Startup: windows.vbs => Error: No automatic fix found for this entry.
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file) => Error: No automatic fix found for this entry.
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file) => Error: No automatic fix found for this entry.
C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs => moved successfully
C:\ProgramData\IObit => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21304612 B
Java, Flash, Steam htmlcache => 4874 B
Windows/system/drivers => 196018382 B
Edge => 0 B
Chrome => 413489150 B
Firefox => 365598020 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 715211 B
LocalService => 115860 B
NetworkService => 66488 B
Kamil => 53066561 B

RecycleBin => 1140266 B
EmptyTemp: => 1010.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:40:06 ====

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

#18 Post by JaRon »

After restarting the PC, post a current FRST log.

kamistr
Visitor
Posts: 37
Registered: 17 Sep 2005 13:58

#19 Post by kamistr »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2017 01
Ran by Kamil (administrator) on KAMIL-PC (22-06-2017 13:21:48)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeterSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Users\Kamil\AppData\Roaming\skype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Duality Software) C:\Program Files\DS Clock\dsclock.exe
(Hagel Technologies Ltd) C:\Program Files\DU Meter\DUMeter.exe
(© 2015 Microsoft Corporation) C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] => C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft)
HKLM\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKLM\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKLM\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKLM\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKLM\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.sk/sk.special-uninstallation-fe ... sxLVRSTTMy (the data entry has 68 more characters).
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\dsclock.exe [323584 2003-06-06] (Duality Software)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2585360 2007-11-13] (Hagel Technologies Ltd)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [BingSvc] => C:\Users\Kamil\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\CurrentVersion\Windows: [Load] C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {1ef66738-8982-11e1-b4f6-50e549c82b33} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bee-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bf5-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac47-8bc9-11e1-a4e2-50e549c82b33} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {e33bde52-a7dd-11e1-8e2a-50e549c82b33} - I:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs [2017-03-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs [2017-03-17] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7CE69006-A9F5-4F2A-9FC9-BA743A4AF9ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D620EBB2-40AB-4CB4-B107-5F6BCF8B53C0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2016-12-29] ()
Handler: WSKVAllmytubechrome - No CLSID Value -

FireFox:
========
FF DefaultProfile: ht3jbfth.default-1368257689736
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 [2017-06-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> Google
FF Homepage: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.google.sk/
FF Keyword.URL: Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02]
FF Extension: (YouTube mp3) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\info@youtube-mp3.org.xpi [2017-01-03]
FF Extension: (Translate This!) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2017-01-03]
FF Extension: (Google™ Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2017-01-01]
FF Extension: (Translator Widget) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\jid1-Gz4hrxvpY3RFJw@jetpack.xpi [2017-02-20]
FF Extension: (S3.Google Translator) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\s3google@translator.xpi [2017-02-20]
FF Extension: (Google Translator for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\translator@zoli.bod.xpi [2017-02-20]
FF Extension: (Walnut2 for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi [2017-03-29]
FF Extension: (Walnut for Firefox) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2017-01-05]
FF Extension: (Video DownloadHelper) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-24]
FF Extension: (Online Translator Toolbar) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi [2017-02-20]
FF Extension: (Flash and Video Download) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-03-01]
FF Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\ht3jbfth.default-1368257689736\searchplugins\bing-.xml [2016-12-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default [2017-06-22]
CHR Extension: (Internet Speed Test) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2017-04-24]
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-26]
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (Reklama blocker na Facebook ™) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2017-05-27]
CHR Extension: (uBlock Adblock Plus) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdecnmmdccnkogcidionikojplkjfgie [2017-06-21]
CHR Extension: (AdBlock) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-21]
CHR Extension: (Zoom) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-06-21]
CHR Extension: (Skype) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-06-21]
CHR Extension: (Kontrola pošty Google) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Hover Zoom+) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2007-10-15] (Hagel Technologies Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931896 2016-06-15] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2017-03-28] (Advanced Micro Devices Inc.)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-03-28] (IVT Corporation.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2017-03-28] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2017-03-28] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-12] (REALiX(tm))
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2012-04-19] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2017-05-27] ()
R1 VD_FileDisk; C:\Windows\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-02-29] (Wondershare)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 13:21 - 2017-06-22 13:22 - 00021250 _____ C:\Users\Kamil\Desktop\FRST.txt
2017-06-22 12:41 - 2017-05-24 17:47 - 00107528 _____ C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-06-22 12:41 - 2017-04-20 21:17 - 00302080 _____ C:\Users\Kamil\AppData\Roaming\skype.exe
2017-06-22 12:37 - 2017-06-22 12:37 - 01778688 _____ (Farbar) C:\Users\Kamil\Desktop\FRST.exe
2017-06-22 05:50 - 2017-06-22 08:21 - 648940031 _____ C:\Users\Kamil\Downloads\279.js.Kelly_&_Lara_2.wmv
2017-06-21 21:06 - 2017-06-21 22:44 - 599358331 _____ C:\Users\Kamil\Downloads\278.js.Kelly,Lara-1.wmv
2017-06-21 20:02 - 2017-06-21 20:02 - 00001695 _____ C:\Users\Kamil\Desktop\AdwCleaner[C2].txt
2017-06-21 19:21 - 2017-06-21 19:21 - 01107968 _____ C:\Users\Kamil\Desktop\RSIT.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-21 18:13 - 2017-06-21 18:13 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-21 18:13 - 2017-06-21 18:13 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-21 18:13 - 2017-06-21 18:13 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-06-21 18:13 - 2017-06-21 18:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-21 18:13 - 2017-06-21 18:13 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-06-21 18:13 - 2017-06-21 18:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-06-21 18:13 - 2017-06-21 18:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-21 18:13 - 2017-06-21 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-06-21 18:13 - 2017-06-21 18:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-06-21 18:13 - 2017-06-21 18:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-06-21 18:12 - 2017-06-21 18:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-21 18:12 - 2017-06-21 18:12 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2017-06-21 18:12 - 2017-06-21 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-21 18:12 - 2017-06-21 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-29 14:49 - 2017-05-29 14:50 - 31570640 _____ (Microsoft Corporation) C:\Users\Kamil\Downloads\IE11-Windows6.1-x86-sk-sk.exe
2017-05-29 14:42 - 2017-05-29 14:43 - 32528592 _____ (Microsoft Corporation) C:\Users\Kamil\Downloads\IE11-Windows6.1-x86-cs-cz.exe
2017-05-28 14:36 - 2017-06-22 12:31 - 00000000 ____D C:\Program Files\trend micro
2017-05-28 14:36 - 2017-05-28 14:37 - 00000000 ____D C:\rsit
2017-05-28 14:08 - 2017-05-28 14:08 - 04110280 _____ C:\Users\Kamil\Desktop\adwcleaner_6.047.exe
2017-05-28 10:25 - 2017-05-28 10:25 - 00040548 _____ C:\Users\Kamil\Documents\cc_20170528_102506.reg
2017-05-28 09:38 - 2017-05-28 09:38 - 03138176 _____ (ESET) C:\Users\Kamil\Downloads\eset_nod32_antivirus_live_installer(1).exe
2017-05-28 09:33 - 2017-05-28 09:34 - 04577464 _____ (ClevX, LLC) C:\Users\Kamil\Downloads\drivesecurity-installer.exe
2017-05-28 09:05 - 2017-05-28 09:05 - 02856736 _____ (MyCity) C:\Users\Kamil\Downloads\MCShield-Setup.exe
2017-05-28 08:42 - 2017-05-28 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-28 08:42 - 2017-05-28 08:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-05-28 07:17 - 2017-06-21 17:45 - 00000000 ___HD C:\DrWeb Archive
2017-05-28 07:16 - 2017-05-28 10:00 - 00000000 __SHD C:\DrWeb Quarantine
2017-05-28 07:12 - 2017-06-21 18:23 - 00000000 ____D C:\Program Files\DrWeb.delete-later-431717
2017-05-28 07:09 - 2017-06-21 18:24 - 00000000 ____D C:\ProgramData\Doctor Web
2017-05-28 06:59 - 2017-05-28 07:08 - 357402440 _____ (Doctor Web, Ltd.) C:\Users\Kamil\Downloads\drweb-11.0-ss-win.exe
2017-05-27 10:07 - 2017-05-27 10:11 - 152677608 _____ C:\Users\Kamil\Desktop\jt6qoqdo.exe
2017-05-27 09:42 - 2017-06-22 13:22 - 00005891 _____ C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-05-27 09:42 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-27 09:42 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-26 19:26 - 2017-05-26 19:26 - 00000000 ____D C:\ProgramData\ESET
2017-05-26 19:26 - 2017-05-26 19:26 - 00000000 ____D C:\Program Files\ESET
2017-05-26 19:05 - 2017-05-28 07:22 - 00000000 ____D C:\Users\Kamil\Doctor Web
2017-05-26 16:48 - 2017-06-22 13:21 - 00000000 ____D C:\FRST
2017-05-26 05:25 - 2017-06-21 20:59 - 00000000 ____D C:\AdwCleaner
2017-05-25 14:25 - 2017-05-25 14:25 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Google
2017-05-24 20:14 - 2017-05-24 20:15 - 03837542 _____ C:\Users\Kamil\Downloads\hc5450_80_pss_slksk.pdf
2017-05-24 20:14 - 2017-05-24 20:14 - 18970730 _____ C:\Users\Kamil\Downloads\hc5450_80_dfu_slk.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 13:20 - 2010-11-20 23:01 - 00008582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-22 13:17 - 2016-12-05 17:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Skype
2017-06-22 13:15 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-22 13:14 - 2012-04-18 19:26 - 00000000 ____D C:\Users\Kamil
2017-06-22 12:48 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-22 12:48 - 2009-07-14 06:34 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-22 12:40 - 2014-07-25 19:39 - 00000000 ____D C:\Users\Kamil\AppData\LocalLow\Temp
2017-06-22 12:39 - 2012-04-18 20:27 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000UA.job
2017-06-22 08:35 - 2016-06-26 06:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\vlc
2017-06-21 18:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-06-21 18:39 - 2012-04-18 20:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3867848799-1210266518-3605795662-1000Core.job
2017-06-21 18:18 - 2012-07-19 16:59 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-21 18:18 - 2012-07-19 16:59 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-21 18:18 - 2012-07-19 16:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-21 18:17 - 2012-04-18 20:19 - 00000000 ____D C:\Windows\Panther
2017-06-21 18:17 - 2009-07-14 06:33 - 00357520 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-21 18:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-28 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-05-28 14:15 - 2013-06-07 21:14 - 00000000 ____D C:\Windows\Minidump
2017-05-28 08:43 - 2016-12-05 17:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-28 08:42 - 2016-12-28 17:06 - 00000000 ___RD C:\Program Files\Skype
2017-05-28 08:42 - 2016-12-25 20:55 - 00002701 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-27 19:27 - 2012-08-16 08:47 - 00000000 ____D C:\Users\Kamil\AppData\Local\ElevatedDiagnostics
2017-05-27 17:59 - 2017-03-06 17:14 - 00000000 ___HD C:\Users\Kamil\Documents\Authority
2017-05-27 14:02 - 2015-03-21 11:07 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-27 10:35 - 2012-04-18 20:44 - 00000000 ____D C:\Program Files\TC UP
2017-05-27 10:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2017-05-27 10:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2017-05-26 19:29 - 2014-12-28 09:58 - 00000000 ____D C:\Users\Kamil\AppData\Local\ESET
2017-05-24 19:22 - 2017-03-21 17:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-24 17:38 - 2017-03-28 17:19 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 17:28 - 2017-03-29 05:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2017-06-22 12:41 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe
2017-05-27 09:42 - 2017-06-22 13:22 - 0005891 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-06-22 12:41 - 2017-05-24 17:47 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-03-17 16:53 - 2017-03-17 16:53 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs
2015-10-27 19:05 - 2016-12-21 07:39 - 0057344 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 20:57 - 2015-06-19 20:57 - 0000986 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-07-22 17:35 - 2016-07-22 17:35 - 0000017 _____ () C:\Users\Kamil\AppData\Local\resmon.resmoncfg
2012-08-19 09:54 - 2012-08-19 09:55 - 0000202 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 00:47

==================== End of FRST.txt ============================

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KLUC - location: cmd (C:\Windows\System32) ????

#20 Post by JaRon »

Once more, quoting:
Creating a fixlist for FRST
• Open Notepad (Start > Run > notepad)
• Copy the script >>

Code:

Start
2017-06-22 12:41 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe
2017-05-27 09:42 - 2017-06-22 13:22 - 0005891 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-06-22 12:41 - 2017-05-24 17:47 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-03-17 16:53 - 2017-03-17 16:53 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs
2017-05-27 10:07 - 2017-05-27 10:11 - 152677608 _____ C:\Users\Kamil\Desktop\jt6qoqdo.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\CurrentVersion\Windows: [Load] C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {1ef66738-8982-11e1-b4f6-50e549c82b33} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bee-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bf5-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac47-8bc9-11e1-a4e2-50e549c82b33} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {e33bde52-a7dd-11e1-8e2a-50e549c82b33} - I:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs [2017-03-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs [2017-03-17] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKLM\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKLM\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKLM\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKLM\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKLM\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"





EmptyTemp:
Reboot:
End
• Save the resulting text file as fixlist.txt
• Move the fixlist into the same folder as FRST

→ Run FRST.exe again
• Click Fix
• The fix will run and create the log Fixlog.txt

→ Restart the PC and post fixlog.txt here for me

kamistr
Visitor
Posts: 37
Joined: 17 Sep 2005 13:58

Re: USB KLUC - location: cmd (C:\Windows\System32) ????

#21 Post by kamistr »

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Kamil (22-06-2017 13:50:56) Run:2
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
2017-06-22 12:41 - 2017-04-20 21:17 - 0302080 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe
2017-05-27 09:42 - 2017-06-22 13:22 - 0005891 _____ () C:\Users\Kamil\AppData\Roaming\skype.exe.tmp
2017-06-22 12:41 - 2017-05-24 17:47 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs
2017-03-17 16:53 - 2017-03-17 16:53 - 0107528 _____ () C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs
2017-05-27 10:07 - 2017-05-27 10:11 - 152677608 _____ C:\Users\Kamil\Desktop\jt6qoqdo.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\CurrentVersion\Windows: [Load] C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {1ef66738-8982-11e1-b4f6-50e549c82b33} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bee-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {20d18bf5-8afd-11e1-bee2-50e549c82b33} - H:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {4c21ac47-8bc9-11e1-a4e2-50e549c82b33} - F:\AutoRun.exe
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\MountPoints2: {e33bde52-a7dd-11e1-8e2a-50e549c82b33} - I:\NokiaPCIA_Autorun.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs [2017-03-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs [2017-05-24] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs [2017-03-17] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs [2017-04-20] ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-01-14] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"
HKLM\...\Run: [tmpB731] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs"
HKLM\...\Run: [Microsoft Office] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Microsoft Office.vbs" <===== ATTENTION
HKLM\...\Run: [javaupdate] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\javaupdate.vbs" <===== ATTENTION
HKLM\...\Run: [tmp9F3E] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmp9F3E.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [tmpBE24] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\tmpBE24.tmp.vbs" <===== ATTENTION
HKLM\...\Run: [8424898cc4c927994d288319a361b825] => C:\Users\Kamil\AppData\Roaming\skype.exe .. [302080 2017-04-20] ()
HKLM\...\Run: [tmp453B] => wscript.exe //B "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs"





EmptyTemp:
Reboot:
End
*****************

C:\Users\Kamil\AppData\Roaming\skype.exe => moved successfully
C:\Users\Kamil\AppData\Roaming\skype.exe.tmp => moved successfully
Could not move "C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs" => Scheduled to move on reboot.
C:\Users\Kamil\Desktop\jt6qoqdo.exe => moved successfully
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef66738-8982-11e1-b4f6-50e549c82b33} => key removed successfully.
HKLM\Software\Classes\CLSID\{1ef66738-8982-11e1-b4f6-50e549c82b33} => key not found.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20d18bee-8afd-11e1-bee2-50e549c82b33} => key removed successfully.
HKLM\Software\Classes\CLSID\{20d18bee-8afd-11e1-bee2-50e549c82b33} => key not found.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20d18bf5-8afd-11e1-bee2-50e549c82b33} => key removed successfully.
HKLM\Software\Classes\CLSID\{20d18bf5-8afd-11e1-bee2-50e549c82b33} => key not found.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} => key removed successfully.
HKLM\Software\Classes\CLSID\{4c21ac2d-8bc9-11e1-a4e2-806e6f6e6963} => key not found.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c21ac47-8bc9-11e1-a4e2-50e549c82b33} => key removed successfully.
HKLM\Software\Classes\CLSID\{4c21ac47-8bc9-11e1-a4e2-50e549c82b33} => key not found.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e33bde52-a7dd-11e1-8e2a-50e549c82b33} => key removed successfully.
HKLM\Software\Classes\CLSID\{e33bde52-a7dd-11e1-8e2a-50e549c82b33} => key not found.
Could not move "C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe" => Scheduled to move on reboot.
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch_Manager.vbs => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp453B.tmp.vbs => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp9F3E.tmp.vbs => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpB731.tmp.vbs => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpBE24.tmp.vbs => moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => moved successfully
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Nektra OEAPI => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmpB731 => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Office => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\javaupdate => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp9F3E => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmpBE24 => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8424898cc4c927994d288319a361b825 => value removed successfully.
HKU\S-1-5-21-3867848799-1210266518-3605795662-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp453B => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmpB731 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Office => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\javaupdate => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp9F3E => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmpBE24 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\8424898cc4c927994d288319a361b825 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tmp453B => value removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16052707 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 20580971 B
Firefox => 13589952 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
Kamil => 1277915 B

RecycleBin => 82560 B
EmptyTemp: => 57.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-06-2017 13:53:17)

C:\Users\Kamil\AppData\Roaming\tmp453B.tmp.vbs => is moved successfully
C:\Users\Kamil\AppData\Roaming\tmpB731.tmp.vbs => is moved successfully
C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8424898cc4c927994d288319a361b825.exe => is moved successfully

==== End of Fixlog 13:53:17 ====

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#22 Post by JaRon »

Fine :)
Quote:

• Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Check only the option "Remove disinfection tools"
• Click Run

and write whether there are any problems :???:

kamistr
Visitor
Posts: 37
Joined: 17 Sep 2005 13:58

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#23 Post by kamistr »

# DelFix v1.013 - Logfile created 22/06/2017 at 14:10:25
# Updated 17/04/2016 by Xplode
# Username : Kamil - KAMIL-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kamil\Desktop\Addition.txt
Deleted : C:\Users\Kamil\Desktop\AdwCleaner[C2].txt
Deleted : C:\Users\Kamil\Desktop\adwcleaner_6.047.exe
Deleted : C:\Users\Kamil\Desktop\Fixlog.txt
Deleted : C:\Users\Kamil\Desktop\FRST.exe
Deleted : C:\Users\Kamil\Desktop\FRST.txt
Deleted : C:\Users\Kamil\Desktop\RSIT.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Kamil\Downloads\RogueKiller(1).exe
Deleted : C:\Users\Kamil\Downloads\RogueKiller(2).exe
Deleted : C:\Users\Kamil\Downloads\RogueKiller.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DWPROT

########## - EOF - ##########
Last edited by kamistr on 22 Jun 2017 13:18, edited 1 time in total.

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#24 Post by JaRon »

You sent the same thing :)

kamistr
Visitor
Posts: 37
Joined: 17 Sep 2005 13:58

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#25 Post by kamistr »

I noticed, corrected ........ :(

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#26 Post by JaRon »

:) If there are no problems - done

kamistr
Visitor
Posts: 37
Joined: 17 Sep 2005 13:58

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#27 Post by kamistr »

Should I try downloading NOD 32 and only then test the USB keys? Or should I choose a different procedure? What if the keys are infected too ....

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#28 Post by JaRon »

Of course, first install some legitimate AV there; then, as prevention for the USB keys, you can use https://forum.viry.cz/viewtopic.php?f=24&t=140144

kamistr
Visitor
Posts: 37
Joined: 17 Sep 2005 13:58

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#29 Post by kamistr »

All the USB keys were infected. I downloaded Nod 32 + UsbFix. It is all right!

Thank you for the help!!!

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: USB KEY - location: cmd (C:\Windows\System32) ????

#30 Post by JaRon »

You're welcome

Locked