Infected PC, please check my log


#1 Post by s16strnadova

Hi everyone,
I would like to ask you to check my log. Unfortunately, the PC is not working as it should. I suspect there are viruses on the PC. The PC responds more slowly, and the Avast antivirus program often pops up a message that a malicious threat was found. Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by micha (administrator) on MISA_WIN10 (11-11-2017 13:39:58)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\P2PEnhance\p2penhance.exe
(Keepvid) C:\Program Files (x86)\KeepVid\KAF\2.4.2.222\KvAppService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Spotydl) C:\Program Files (x86)\Spotydl\spotydl.exe
(Spotify Ltd) C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\micha\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-11] (AVAST Software)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [2447712 2017-06-11] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2015-06-07] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15375312 2017-06-21] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5388128 2017-06-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-10] (Spotify Ltd)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotydl] => C:\Program Files (x86)\Spotydl\spotydl.exe [1878016 2014-02-22] (Spotydl)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [PQwick] => C:\Program Files (x86)\PQwick1.1\PQwick.exe [815992 2017-10-15] (Ashampoo)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotify Web Helper] => C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-10] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{bd374a84-fd92-49ff-81fd-5df053db3bd2}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: No Name -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: No Name -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxp://www.facebook.co ... oogle.com/"
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-10-11]
CHR Extension: (iPrima) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\alafgdbefgihkggefobnlmlpnifnfedd [2017-10-11]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Vyhledávání Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Ulož.to) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjibnfalpbggjkaomijnloodkdkgcdj [2017-10-11]
CHR Extension: (HBO GO) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdpjjopjiimbecggfmcbkbifdgblapo [2017-10-11]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-11-11]
CHR Extension: (Slovní fotbal) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkjfkiapgnfmeedpjapeiaajpjgmphf [2017-10-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [332368 2017-11-11] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 KvAppService; C:\Program Files (x86)\Keepvid\KAF\2.4.2.222\KvAppService.exe [474824 2017-03-10] (Keepvid)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2283984 2017-06-21] (Micro-Star INT'L CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 P2PEnhance; C:\Program Files (x86)\P2PEnhance\P2PEnhance.exe [53248 2015-09-04] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-23] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [675184 2017-06-11] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331632 2017-06-11] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo Retro\DriverInstall.exe [119008 2017-07-05] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-11] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-11] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [570152 2017-11-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455384 2017-11-11] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-11] (AVAST Software)
R3 AVerPola; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [871048 2016-12-13] (AVerMedia TECHNOLOGIES, Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [22528 2017-03-14] () [File not signed]
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-06-07] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 13:39 - 2017-11-11 13:40 - 000020069 _____ C:\Users\micha\Desktop\FRST.txt
2017-11-11 13:39 - 2017-11-11 13:38 - 000112640 _____ (forum.viry.cz) C:\Users\micha\Desktop\FRSTLauncher.exe
2017-11-11 13:38 - 2017-11-11 13:38 - 000112640 _____ (forum.viry.cz) C:\Users\micha\Downloads\FRSTLauncher.exe
2017-11-11 13:37 - 2017-11-11 13:39 - 000000000 ____D C:\FRST
2017-11-11 13:34 - 2017-11-11 13:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-11 13:28 - 2017-11-11 13:28 - 002403328 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2017-11-11 13:24 - 2017-11-11 13:24 - 000000270 __RSH C:\Users\micha\ntuser.pol
2017-11-11 13:21 - 2017-11-11 13:21 - 000000000 ___HD C:\$AV_ASW
2017-11-11 13:16 - 2017-11-11 13:29 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2017-11-11 13:16 - 2017-11-11 13:16 - 000000000 ____D C:\Users\micha\AppData\Roaming\System Healer
2017-11-11 13:16 - 2017-11-11 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-11-11 13:16 - 2017-11-11 13:16 - 000000000 ____D C:\ProgramData\8a3aa5c6-4981-0
2017-11-11 13:16 - 2017-11-11 13:16 - 000000000 ____D C:\ProgramData\8a3aa5c6-2881-1
2017-11-11 13:15 - 2017-11-11 13:15 - 000000000 ____D C:\Program Files (x86)\PQwick1.1
2017-11-11 13:15 - 2017-11-11 13:15 - 000000000 ____D C:\Program Files (x86)\CompanyKooxa
2017-11-11 13:14 - 2017-11-11 13:14 - 000000000 ____D C:\ProgramData\QuteClient
2017-11-11 13:14 - 2017-11-11 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\P2PEnhance
2017-11-11 13:14 - 2017-11-11 13:14 - 000000000 ____D C:\ProgramData\Microleaves
2017-11-11 13:14 - 2017-11-11 13:14 - 000000000 ____D C:\Program Files (x86)\P2PEnhance
2017-11-11 13:12 - 2017-11-11 13:24 - 000000390 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2017-11-11 13:12 - 2017-11-11 13:24 - 000000310 _____ C:\WINDOWS\Tasks\PjDfytumxbayONn.job
2017-11-11 13:12 - 2017-11-11 13:14 - 000930816 _____ C:\Users\micha\AppData\Local\po.db
2017-11-11 13:12 - 2017-11-11 13:12 - 000140800 _____ C:\Users\micha\AppData\Local\installer.dat
2017-11-11 13:12 - 2017-11-11 13:12 - 000011568 _____ C:\Users\micha\AppData\Local\InstallationConfiguration.xml
2017-11-11 13:12 - 2017-11-11 13:12 - 000003722 _____ C:\WINDOWS\System32\Tasks\{FFDDB183-9748-ECE9-037F-2334DDAABD36}
2017-11-11 13:12 - 2017-11-11 13:12 - 000003214 _____ C:\WINDOWS\System32\Tasks\zjwPaeaadZaNwF
2017-11-11 13:12 - 2017-11-11 13:12 - 000002864 _____ C:\WINDOWS\System32\Tasks\PjDfytumxbayONn2
2017-11-11 13:12 - 2017-11-11 13:12 - 000002848 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2017-11-11 13:12 - 2017-11-11 13:12 - 000002630 _____ C:\WINDOWS\System32\Tasks\PjDfytumxbayONn
2017-11-11 13:12 - 2017-11-11 13:12 - 000000270 __RSH C:\ProgramData\ntuser.pol
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Users\micha\Documents\PCSpeedUp
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Users\micha\AppData\LocalLow\CelGrfgXIrZdI
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\ProgramData\34237f02-7801-0
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\ProgramData\34237f02-18a3-1
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\zTWnHlzwjSUn
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\ZfJRwqLPhIE
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\kqEuPYMaU
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\JIdcnntTvnKU2
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-11-11 13:11 - 2017-11-11 13:24 - 000000404 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000000 ____D C:\Disk
2017-11-11 13:11 - 2017-11-11 13:11 - 000003298 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Windat
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microleaves
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Users\micha\AppData\Local\AdvinstAnalytics
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Program Files\LaCie Private Public
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Program Files (x86)\EnjoyWiFi
2017-11-11 13:10 - 2017-11-11 13:22 - 000000000 ____D C:\Users\micha\AppData\Local\AdService
2017-11-11 13:06 - 2017-11-11 13:06 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-11 13:06 - 2017-11-11 13:06 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-09 21:48 - 2017-11-09 21:48 - 000001042 _____ C:\Users\micha\Desktop\fb text reklama.txt
2017-11-07 20:46 - 2017-11-10 19:10 - 000000000 ____D C:\Users\micha\Desktop\maminka job
2017-11-05 21:13 - 2017-11-05 21:13 - 000686196 _____ C:\WINDOWS\Minidump\110517-8031-01.dmp
2017-11-02 21:17 - 2017-11-02 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-02 21:16 - 2017-11-02 21:16 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\Program Files\iTunes
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\Program Files\iPod
2017-10-17 20:42 - 2017-10-18 20:33 - 000568102 _____ C:\Users\micha\Desktop\Wedding Day Kata and Radek 8.9.2017.pds
2017-10-17 19:54 - 2017-11-05 21:13 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-17 19:54 - 2017-10-17 19:54 - 000681772 _____ C:\WINDOWS\Minidump\101717-6328-01.dmp
2017-10-15 13:49 - 2017-10-15 13:49 - 000000000 ____D C:\TempProjekty
2017-10-15 13:26 - 2017-10-15 20:42 - 000000000 ____D C:\ProgramData\Extreme Picture Finder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 13:34 - 2016-09-05 17:18 - 000000000 ____D C:\Program Files\trend micro
2017-11-11 13:30 - 2017-07-05 09:27 - 002649098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-11 13:30 - 2017-03-20 05:43 - 001192930 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-11 13:30 - 2017-03-20 05:43 - 000286670 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-11 13:26 - 2017-07-05 09:25 - 000003806 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-11-11 13:25 - 2017-04-18 15:36 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2017-11-11 13:24 - 2017-07-05 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 13:24 - 2017-07-05 09:18 - 000000000 ____D C:\Users\micha
2017-11-11 13:24 - 2017-07-05 09:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 13:24 - 2017-04-18 15:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2017-11-11 13:24 - 2016-02-12 21:10 - 000000000 ___RD C:\Users\micha\iCloudDrive
2017-11-11 13:23 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-11 13:17 - 2017-09-24 15:41 - 000001376 _____ C:\Users\Public\Desktop\Wondershare TunesGo.lnk
2017-11-11 13:13 - 2017-07-05 09:25 - 000004200 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8921971B-2D18-480B-8C11-EE2A78699D52}
2017-11-11 13:12 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-11-11 13:07 - 2016-01-26 21:06 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2017-11-11 13:06 - 2017-07-05 09:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-11 13:06 - 2017-06-14 19:10 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-11 13:06 - 2017-01-26 14:26 - 000570152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-11 12:59 - 2017-05-08 09:16 - 000000000 ____D C:\Users\micha\AppData\LocalLow\uTorrent
2017-11-11 12:39 - 2017-07-05 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-11 10:55 - 2016-02-12 21:11 - 000000000 ____D C:\Users\micha\AppData\Local\781CD1E9-0D91-40D0-8603-FAF49C786103.aplzod
2017-11-10 17:44 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-03 22:00 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000002278 _____ C:\Users\micha\Desktop\WhatsApp.lnk
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Local\SquirrelTemp
2017-11-02 21:30 - 2016-01-26 15:38 - 000000000 ___RD C:\Users\micha\OneDrive
2017-11-02 20:36 - 2017-07-19 17:22 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2976775506-2560316150-966240833-1001
2017-11-02 20:36 - 2016-01-26 15:38 - 000002427 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 21:05 - 2017-07-05 09:25 - 000004714 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-30 21:05 - 2017-07-05 09:25 - 000004506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-30 21:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-30 21:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 12:07 - 2017-09-10 19:05 - 000000000 ____D C:\Users\micha\Desktop\Videoclip Svatba
2017-10-20 17:04 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-20 17:00 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-17 19:50 - 2016-01-26 15:36 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2017-10-17 17:17 - 2017-08-06 16:57 - 000000000 ____D C:\Users\micha\Documents\CyberLink
2017-10-15 21:35 - 2016-01-26 20:48 - 000000000 ____D C:\Users\micha\AppData\Local\JDownloader v2.0
2017-10-15 20:54 - 2016-02-27 11:09 - 000000000 ____D C:\Users\micha\AppData\Roaming\MPC-HC
2017-10-15 13:01 - 2017-08-28 19:51 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 18:29 - 2016-01-31 09:09 - 000000000 ____D C:\Users\micha\Desktop\Amazon
2017-10-12 18:05 - 2017-08-31 19:09 - 000000000 ____D C:\Users\micha\AppData\Local\OfficeBSCache-OD-michaela.strnadova@email.cz
2017-10-12 17:59 - 2016-02-01 11:24 - 000000000 ____D C:\Users\micha\AppData\Local\Adobe
2017-10-12 17:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 17:26 - 2016-01-26 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 17:15 - 2017-07-05 09:17 - 000431520 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2017-11-11 13:12 - 2017-11-11 13:12 - 000011568 _____ () C:\Users\micha\AppData\Local\InstallationConfiguration.xml
2017-11-11 13:12 - 2017-11-11 13:12 - 000140800 _____ () C:\Users\micha\AppData\Local\installer.dat
2017-11-11 13:12 - 2017-11-11 13:14 - 000930816 _____ () C:\Users\micha\AppData\Local\po.db

Some files in TEMP:
====================
2017-10-15 13:55 - 2017-10-15 13:55 - 000040448 ____N () C:\Users\micha\AppData\Local\Temp\proxy_vole429136364760764545.dll
2017-10-15 13:55 - 2017-10-15 13:55 - 000040448 ____N () C:\Users\micha\AppData\Local\Temp\proxy_vole9109582225113044753.dll
2017-11-11 13:15 - 2017-11-09 23:45 - 004285440 _____ () C:\Users\micha\AppData\Local\Temp\sourse.exe
2017-11-11 13:16 - 2017-11-11 13:16 - 004084712 _____ (SystemHealer ) C:\Users\micha\AppData\Local\Temp\SystemHealer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-03 17:48

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.35 GB) (Free:18.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ZALOHA) (Fixed) (Total:931.51 GB) (Free:229.97 GB) NTFS
Drive e: (DATA) (Fixed) (Total:931.51 GB) (Free:101.68 GB) NTFS

Available physical RAM: 5328.67 MB
Total physical RAM: 8120.02 MB
Percentage of memory in use: 34%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A380F967)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 15B65200)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 15B65201)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\ukIowE.dll
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\micha\Desktop" je 19237 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================
Attachments
Addition.rar
(14.67 KiB) Downloaded 71 times

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC, please check my log

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Re: Infected PC, please check my log

#3 Post by s16strnadova »

# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 11 16:04:30 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: P2PEnhance


***** [ Folders ] *****

Deleted: C:\Users\micha\Documents\PCSpeedUp
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
Deleted: C:\Users\micha\AppData\Local\\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Deleted: C:\Users\micha\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\Users\micha\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Deleted: C:\Users\micha\AppData\Local\AdService
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Deleted: C:\Users\micha\AppData\Roaming\System Healer
Deleted: C:\Program Files (x86)\SystemHealer
Deleted: C:\ProgramData\Microleaves
Deleted: C:\Program Files (x86)\Microleaves
Deleted: C:\Users\All Users\Microleaves
Deleted: C:\Users\micha\AppData\Roaming\Microleaves
Deleted: C:\Program Files (x86)\zTWnHlzwjSUn
Deleted: C:\Program Files (x86)\kqEuPYMaU
Deleted: C:\Program Files (x86)\ZfJRwqLPhIE
Deleted: C:\Program Files (x86)\JIdcnntTvnKU2
Deleted: C:\\Users\Public\Documents\XMUpdate
Deleted: C:\ProgramData\34237f02-18a3-1
Deleted: C:\ProgramData\34237f02-7801-0
Deleted: C:\ProgramData\8a3aa5c6-2881-1
Deleted: C:\ProgramData\8a3aa5c6-4981-0


***** [ Files ] *****

Deleted: C:\Users\micha\appdata\local\installationconfiguration.xml
Deleted: C:\Windows\SysNative\drivers\wfcre.sys
Deleted: C:\Users\micha\AppData\Local\PO.DB


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Online Application V2G1
Deleted: Online Application V2G3
Deleted: Online Application V2G2
Deleted: PC SpeedUp Service Deactivator
Deleted: LaCieS
Deleted: zjwPaeaadZaNwF
Deleted: PjDfytumxbayONn2
Deleted: PjDfytumxbayONn
Deleted: Updater_Online_Application


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted: [Key] - HKU\S-1-5-21-2976775506-2560316150-966240833-1001\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKU\S-1-5-21-2976775506-2560316150-966240833-1001\Software\System Healer
Deleted: [Key] - HKCU\Software\System Healer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
Deleted: [Value] - HKU\S-1-5-21-2976775506-2560316150-966240833-1001\Software\Microsoft\Windows\CurrentVersion\Run|PQwick
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|PQwick
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SpeedCheckerService.exe
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted: [Key] - HKLM\SOFTWARE\Speedchecker Limited
Deleted: [Key] - HKU\S-1-5-21-2976775506-2560316150-966240833-1001\Software\Speedchecker Limited
Deleted: [Key] - HKCU\Software\Speedchecker Limited
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: [Key] - HKU\S-1-5-21-2976775506-2560316150-966240833-1001\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: Ask Search - ask search
SearchProvider deleted: slunecnice.cz - slunecnice.cz
SearchProvider deleted: Conduit - search.conduit.com
SearchProvider deleted: ICQ Search - search.icq.com
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.facebook.com/michaelastrnadova
Startpage deleted: http://www.youtube.com/
Startpage deleted: http://www.gmail.com/
Startpage deleted: http://search.conduit.com/?ctid=CT33071 ... pv=TB_CNI3
Startpage deleted: http://www.google.com/


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3949 B] - [2016/9/5 18:26:36]
C:/AdwCleaner/AdwCleaner[S0].txt - [3992 B] - [2016/9/5 18:25:9]
C:/AdwCleaner/AdwCleaner[S1].txt - [6913 B] - [2017/11/11 16:4:1]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Re: Infected PC, please check my log

#4 Post by Rudy »

Post a new FRST log.

Re: Infected PC, please check my log

#5 Post by s16strnadova »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by micha (administrator) on MISA_WIN10 (11-11-2017 17:47:33)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Keepvid) C:\Program Files (x86)\KeepVid\KAF\2.4.2.222\KvAppService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Spotify Ltd) C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotydl) C:\Program Files (x86)\Spotydl\spotydl.exe
(Spotify Ltd) C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-11] (AVAST Software)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [2447712 2017-06-11] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2015-06-07] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15375312 2017-06-21] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5388128 2017-06-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-10] (Spotify Ltd)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotydl] => C:\Program Files (x86)\Spotydl\spotydl.exe [1878016 2014-02-22] (Spotydl)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-2976775506-2560316150-966240833-1001\...\Run: [Spotify Web Helper] => C:\Users\micha\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-10] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{bd374a84-fd92-49ff-81fd-5df053db3bd2}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: No Name -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxp://www.facebook.co ... google.com"
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-10-11]
CHR Extension: (iPrima) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\alafgdbefgihkggefobnlmlpnifnfedd [2017-10-11]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Vyhledávání Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Ulož.to) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjibnfalpbggjkaomijnloodkdkgcdj [2017-10-11]
CHR Extension: (HBO GO) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdpjjopjiimbecggfmcbkbifdgblapo [2017-10-11]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-11-11]
CHR Extension: (Slovní fotbal) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkjfkiapgnfmeedpjapeiaajpjgmphf [2017-10-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [332368 2017-11-11] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 KvAppService; C:\Program Files (x86)\Keepvid\KAF\2.4.2.222\KvAppService.exe [474824 2017-03-10] (Keepvid)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2283984 2017-06-21] (Micro-Star INT'L CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-23] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [675184 2017-06-11] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331632 2017-06-11] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo Retro\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-11] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-11] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [570152 2017-11-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455384 2017-11-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-11] (AVAST Software)
R3 AVerPola; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [871048 2016-12-13] (AVerMedia TECHNOLOGIES, Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [22528 2017-03-14] () [File not signed]
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-06-07] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 17:47 - 2017-11-11 17:47 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion
2017-11-11 17:01 - 2017-11-11 17:01 - 008261584 _____ (Malwarebytes) C:\Users\micha\Desktop\adwcleaner_7.0.4.0.exe
2017-11-11 15:50 - 2017-11-11 15:50 - 000000566 _____ C:\Users\micha\Documents\starburn.txt
2017-11-11 15:50 - 2017-11-11 15:50 - 000000000 ____D C:\Users\micha\Documents\Wondershare Filmora
2017-11-11 13:47 - 2017-11-11 13:47 - 000015022 _____ C:\Users\micha\Desktop\Addition.rar
2017-11-11 13:40 - 2017-11-11 13:40 - 000054657 _____ C:\Users\micha\Desktop\Addition.txt
2017-11-11 13:39 - 2017-11-11 17:47 - 000018600 _____ C:\Users\micha\Desktop\FRST.txt
2017-11-11 13:37 - 2017-11-11 17:47 - 000000000 ____D C:\FRST
2017-11-11 13:34 - 2017-11-11 13:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-11 13:28 - 2017-11-11 17:47 - 002392576 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2017-11-11 13:24 - 2017-11-11 13:24 - 000000270 __RSH C:\Users\micha\ntuser.pol
2017-11-11 13:21 - 2017-11-11 13:21 - 000000000 ___HD C:\$AV_ASW
2017-11-11 13:15 - 2017-11-11 13:15 - 000000000 ____D C:\Program Files (x86)\CompanyKooxa
2017-11-11 13:12 - 2017-11-11 13:12 - 000140800 _____ C:\Users\micha\AppData\Local\installer.dat
2017-11-11 13:12 - 2017-11-11 13:12 - 000000270 __RSH C:\ProgramData\ntuser.pol
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Users\micha\AppData\LocalLow\CelGrfgXIrZdI
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2017-11-11 13:11 - 2017-11-11 13:24 - 000000000 ____D C:\Disk
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2017-11-11 13:11 - 2017-11-11 13:11 - 000003262 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2017-11-11 13:11 - 2017-11-11 13:11 - 000000000 ____D C:\Windat
2017-11-11 13:06 - 2017-11-11 13:06 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-11 13:06 - 2017-11-11 13:06 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-09 21:48 - 2017-11-09 21:48 - 000001042 _____ C:\Users\micha\Desktop\fb text reklama.txt
2017-11-07 20:46 - 2017-11-10 19:10 - 000000000 ____D C:\Users\micha\Desktop\maminka job
2017-11-02 21:17 - 2017-11-02 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-02 21:16 - 2017-11-02 21:16 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\Program Files\iTunes
2017-11-02 21:16 - 2017-11-02 21:16 - 000000000 ____D C:\Program Files\iPod
2017-10-17 20:42 - 2017-10-18 20:33 - 000568102 _____ C:\Users\micha\Desktop\Wedding Day Kata and Radek 8.9.2017.pds
2017-10-17 19:54 - 2017-11-11 14:19 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-15 13:49 - 2017-10-15 13:49 - 000000000 ____D C:\TempProjekty
2017-10-15 13:26 - 2017-10-15 20:42 - 000000000 ____D C:\ProgramData\Extreme Picture Finder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 17:09 - 2017-07-05 09:27 - 002702518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-11 17:09 - 2017-03-20 05:43 - 001220018 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-11 17:09 - 2017-03-20 05:43 - 000295034 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-11 17:07 - 2017-07-05 09:25 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-11-11 17:05 - 2017-07-05 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 17:05 - 2017-07-05 09:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 17:05 - 2017-04-18 15:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2017-11-11 17:05 - 2017-04-18 15:36 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2017-11-11 17:05 - 2016-02-12 21:10 - 000000000 ___RD C:\Users\micha\iCloudDrive
2017-11-11 17:04 - 2017-08-28 19:51 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-11-11 17:04 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-11 17:04 - 2016-09-05 19:24 - 000000000 ____D C:\AdwCleaner
2017-11-11 17:01 - 2017-07-05 09:18 - 000000000 ____D C:\Users\micha
2017-11-11 14:36 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-11 14:36 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-11 14:20 - 2017-05-08 06:43 - 000000000 ____D C:\Users\micha\AppData\Roaming\Wondershare
2017-11-11 14:20 - 2016-06-20 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-11-11 14:19 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-11 14:19 - 2016-02-27 11:09 - 000000000 ____D C:\Users\micha\AppData\Roaming\MPC-HC
2017-11-11 14:19 - 2016-01-26 21:06 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2017-11-11 13:45 - 2016-01-26 17:12 - 000000000 ____D C:\Users\micha\AppData\Roaming\Skype
2017-11-11 13:34 - 2016-09-05 17:18 - 000000000 ____D C:\Program Files\trend micro
2017-11-11 13:13 - 2017-07-05 09:25 - 000004200 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8921971B-2D18-480B-8C11-EE2A78699D52}
2017-11-11 13:12 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-11-11 13:06 - 2017-07-05 09:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-11 13:06 - 2017-06-14 19:10 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-11 13:06 - 2017-02-09 14:17 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-11 13:06 - 2017-01-26 14:26 - 000570152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-11 13:06 - 2016-01-26 17:16 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-11 12:59 - 2017-05-08 09:16 - 000000000 ____D C:\Users\micha\AppData\LocalLow\uTorrent
2017-11-11 12:39 - 2017-07-05 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-11 10:55 - 2016-02-12 21:11 - 000000000 ____D C:\Users\micha\AppData\Local\781CD1E9-0D91-40D0-8603-FAF49C786103.aplzod
2017-11-03 22:00 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000002278 _____ C:\Users\micha\Desktop\WhatsApp.lnk
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2017-11-03 19:57 - 2017-09-05 20:58 - 000000000 ____D C:\Users\micha\AppData\Local\SquirrelTemp
2017-11-02 21:30 - 2016-01-26 15:38 - 000000000 ___RD C:\Users\micha\OneDrive
2017-11-02 20:36 - 2017-07-19 17:22 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2976775506-2560316150-966240833-1001
2017-11-02 20:36 - 2016-01-26 15:38 - 000002427 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 21:05 - 2017-07-05 09:25 - 000004714 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-30 21:05 - 2017-07-05 09:25 - 000004506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-30 21:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-30 21:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 12:07 - 2017-09-10 19:05 - 000000000 ____D C:\Users\micha\Desktop\Videoclip Svatba
2017-10-20 17:00 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-17 19:50 - 2016-01-26 15:36 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2017-10-17 17:17 - 2017-08-06 16:57 - 000000000 ____D C:\Users\micha\Documents\CyberLink
2017-10-15 21:35 - 2016-01-26 20:48 - 000000000 ____D C:\Users\micha\AppData\Local\JDownloader v2.0
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 18:29 - 2016-01-31 09:09 - 000000000 ____D C:\Users\micha\Desktop\Amazon
2017-10-12 18:05 - 2017-08-31 19:09 - 000000000 ____D C:\Users\micha\AppData\Local\OfficeBSCache-OD-michaela.strnadova@email.cz
2017-10-12 17:59 - 2016-02-01 11:24 - 000000000 ____D C:\Users\micha\AppData\Local\Adobe
2017-10-12 17:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 17:26 - 2016-01-26 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 17:15 - 2017-07-05 09:17 - 000431520 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2017-11-11 13:12 - 2017-11-11 13:12 - 000140800 _____ () C:\Users\micha\AppData\Local\installer.dat

Some files in TEMP:
====================
2017-11-11 13:15 - 2017-11-09 23:45 - 004285440 _____ () C:\Users\micha\AppData\Local\Temp\sourse.exe
2017-11-11 13:16 - 2017-11-11 13:16 - 004084712 _____ (SystemHealer ) C:\Users\micha\AppData\Local\Temp\SystemHealer.exe
2017-11-11 14:20 - 2017-11-11 13:15 - 000099888 _____ () C:\Users\micha\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-03 17:48

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PC, please check my log

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
BHO-x32: No Name -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> No File
C:\Users\micha\AppData\LocalLow\CelGrfgXIrZdI
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\micha\AppData\Local\Temp
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.381 - Company Inc.) <==== ATTENTION
Task: {273EFE91-4069-4C83-9589-61345838E8FB} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: {678FF561-F947-435F-9B3A-D579A9530B95} - \{0E040547-0A08-0879-7A11-7E7E0C0E1178} -> No File <==== ATTENTION
Task: {6B91B182-D491-4AED-AE48-E6467E2C1E7E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6C8A924B-5647-471C-B24F-BED3CE0C4108} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6C979C02-1AD6-49D7-8362-3466D6FE91D3} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {73C4E648-41F5-4F2E-B23E-5336F6D9C8D0} - \LaCieS -> No File <==== ATTENTION
Task: {DF5B84CE-BD68-4DA9-A124-23F12B00049C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\ukIowE.dll
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
(Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy?click_id=yEyEzz0AyD0ByD0F0C0Azy0E0ByE0DyE2RtBtDtCyCtDtCtByCtBtDyEzytDyDtCzzzy

EmptyTemp:
ResetHosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: Infected PC, please check my log

#7 Post by s16strnadova »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-11-2017
Ran by micha (11-11-2017 21:03:30) Run:1
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
BHO-x32: No Name -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> No File
C:\Users\micha\AppData\LocalLow\CelGrfgXIrZdI
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\micha\AppData\Local\Temp
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.381 - Company Inc.) <==== ATTENTION
Task: {273EFE91-4069-4C83-9589-61345838E8FB} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: {678FF561-F947-435F-9B3A-D579A9530B95} - \{0E040547-0A08-0879-7A11-7E7E0C0E1178} -> No File <==== ATTENTION
Task: {6B91B182-D491-4AED-AE48-E6467E2C1E7E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6C8A924B-5647-471C-B24F-BED3CE0C4108} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6C979C02-1AD6-49D7-8362-3466D6FE91D3} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {73C4E648-41F5-4F2E-B23E-5336F6D9C8D0} - \LaCieS -> No File <==== ATTENTION
Task: {DF5B84CE-BD68-4DA9-A124-23F12B00049C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\ukIowE.dll
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
(Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/10 ... tDyDtCzzzy

EmptyTemp:
ResetHosts:
End
*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} => key not found.
C:\Users\micha\AppData\LocalLow\CelGrfgXIrZdI => moved successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully

"C:\Users\micha\AppData\Local\Temp" folder move:

Could not move "C:\Users\micha\AppData\Local\Temp" => Scheduled to move on reboot.

System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION => Error: No automatic fix found for this entry.
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.381 - Company Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{273EFE91-4069-4C83-9589-61345838E8FB} => key not found.
C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678FF561-F947-435F-9B3A-D579A9530B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678FF561-F947-435F-9B3A-D579A9530B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E040547-0A08-0879-7A11-7E7E0C0E1178} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B91B182-D491-4AED-AE48-E6467E2C1E7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91B182-D491-4AED-AE48-E6467E2C1E7E} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G6 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8A924B-5647-471C-B24F-BED3CE0C4108} => key not found.
C:\WINDOWS\System32\Tasks\Online Application V2G1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C979C02-1AD6-49D7-8362-3466D6FE91D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C979C02-1AD6-49D7-8362-3466D6FE91D3} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G4 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C4E648-41F5-4F2E-B23E-5336F6D9C8D0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaCieS => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF5B84CE-BD68-4DA9-A124-23F12B00049C} => key not found.
C:\WINDOWS\System32\Tasks\Updater_Online_Application => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key not found.
C:\WINDOWS\Tasks\Online Application V2G1.job => not found.
C:\WINDOWS\Tasks\Online Application V2G2.job => not found.
C:\WINDOWS\Tasks\Online Application V2G3.job => not found.
C:\WINDOWS\Tasks\Online Application V2G4.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G5.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G6.job => moved successfully
C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => not found.
C:\WINDOWS\Tasks\PjDfytumxbayONn.job => not found.
C:\WINDOWS\Tasks\Updater_Online_Application.job => not found.
-> hxxp://mmotraffic.com/catalog/goplay/10 ... tDyDtCzzzy => No running process found
ResetHosts: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83010850 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 73790457 B
Edge => 518082 B
Chrome => 563062030 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1634 B
NetworkService => 0 B
micha => 51477156 B

RecycleBin => 15415 B
EmptyTemp: => 743.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-11-2017 21:15:49)

C:\Users\micha\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:15:49 ====

Re: Infected PC, please check my log

#8 Post by Rudy »

Deleted. Has anything changed?

Re: Infected PC, please check my log

#9 Post by s16strnadova »

Rudy, thank you very much for your help, the PC is working perfectly :)

You're a whiz.

Have a nice day.

Misa

Re: Infected PC, please check my log

#10 Post by Rudy »

Thanks for the kind words, and you're welcome! :)