PC virus removal, computer speed-up and remote help via the neslape.cz service

Email from UPC - Botnet - malware

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
The remote help service is now available: an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Email from UPC - Botnet - malware

#1 Post by Wik24 »

Hello,

I would like to ask for a check of the log below, as I suspect a malware infection.

Thanks in advance for your help

LOG:

Logfile of random's system information tool 1.16 (written by random/random)
Run by Alice at 2018-01-13 00:28:25
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 389 GB (85%) free of 457 GB
Total RAM: 3204 MB (45% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:28:27, on 13.1.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF24\pdf24.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Users\Alice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Alice\Downloads\RSIT.exe
C:\Program Files\trend micro\Alice_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\PDF24\pdf24.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg32.exe,-100 (CxAudMsg) - Conexant Systems Inc. - C:\Windows\system32\CxAudMsg32.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Lenovo. - C:\Windows\system32\LPlatSvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: PDF24 - Geek Software GmbH - C:\Program Files\PDF24\pdf24.exe
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

--
End of file - 8478 bytes

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\system32\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\PMTask - C:\Program Files\ThinkPad\Utilities\PwmIdTsv.exe
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\EOSNotify - %windir%\system32\EOSNotify.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3223290434-716713168-56790289-1000 - "C:\Users\Alice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe"
C:\Windows\system32\tasks\Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe

=========Google Chrome=========

C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension eofcbnmajmjmplflapaojjnihcjkigck 2 Avast SafePrice 12.0.330
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.22.1
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.296
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.5
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6317.1002.0.5
Homepage:
default_search_provider.search_url:
C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16 820672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-01-04 246120]
"PWMTRV"=rundll32 C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"Dolby Advanced Audio v2"=C:\Program Files\Dolby Advanced Audio v2\pcee4.exe [2012-08-31 508656]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [2012-06-14 833184]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49568]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-05-31 132920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-06-06 181232]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-06-06 189936]
"PDFPrint"=C:\Program Files\PDF24\pdf24.exe [2017-12-18 433288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-01-13 00:25:24 ----D---- C:\rsit
2018-01-13 00:25:24 ----D---- C:\Program Files\trend micro
2018-01-13 00:10:47 ----D---- C:\ProgramData\SWCUTemp
2018-01-09 11:39:36 ----A---- C:\Windows\system32\mshtml.dll
2018-01-09 11:39:35 ----A---- C:\Windows\system32\jscript9.dll
2018-01-09 11:39:35 ----A---- C:\Windows\system32\ieframe.dll
2018-01-09 11:39:33 ----A---- C:\Windows\system32\wininet.dll
2018-01-09 11:39:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2018-01-09 11:39:33 ----A---- C:\Windows\system32\iertutil.dll
2018-01-09 11:39:32 ----A---- C:\Windows\system32\urlmon.dll
2018-01-09 11:39:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-01-09 11:39:31 ----A---- C:\Windows\system32\vbscript.dll
2018-01-09 11:39:31 ----A---- C:\Windows\system32\kerberos.dll
2018-01-09 11:39:31 ----A---- C:\Windows\system32\jscript.dll
2018-01-09 11:39:30 ----A---- C:\Windows\system32\shell32.dll
2018-01-09 11:39:29 ----A---- C:\Windows\system32\ntdll.dll
2018-01-09 11:39:29 ----A---- C:\Windows\system32\lsasrv.dll
2018-01-09 11:39:29 ----A---- C:\Windows\system32\drivers\ntfs.sys
2018-01-09 11:39:28 ----A---- C:\Windows\system32\winload.exe
2018-01-09 11:39:28 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-09 11:39:28 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-01-09 11:39:28 ----A---- C:\Windows\system32\kernel32.dll
2018-01-09 11:39:28 ----A---- C:\Windows\system32\ieui.dll
2018-01-09 11:39:28 ----A---- C:\Windows\system32\atmfd.dll
2018-01-09 11:39:27 ----A---- C:\Windows\system32\sysmain.dll
2018-01-09 11:39:27 ----A---- C:\Windows\system32\rpcrt4.dll
2018-01-09 11:39:27 ----A---- C:\Windows\system32\ole32.dll
2018-01-09 11:39:27 ----A---- C:\Windows\system32\drivers\srv2.sys
2018-01-09 11:39:27 ----A---- C:\Windows\system32\drivers\srv.sys
2018-01-09 11:39:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-01-09 11:39:27 ----A---- C:\Windows\system32\advapi32.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\win32k.sys
2018-01-09 11:39:26 ----A---- C:\Windows\system32\rpcss.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\PeerDistSvc.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\msxml6.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\msv1_0.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\msfeeds.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\MPSSVC.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\KernelBase.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\inetcomm.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\iedkcs32.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\halmacpi.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\hal.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\FirewallAPI.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\ExplorerFrame.dll
2018-01-09 11:39:26 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-01-09 11:39:26 ----A---- C:\Windows\system32\drivers\http.sys
2018-01-09 11:39:26 ----A---- C:\Windows\system32\drivers\fltMgr.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\winsrv.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\webcheck.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\srcore.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\spoolsv.exe
2018-01-09 11:39:25 ----A---- C:\Windows\system32\smss.exe
2018-01-09 11:39:25 ----A---- C:\Windows\system32\rpchttp.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\pnrpsvc.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\p2psvc.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\P2P.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\msrating.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\ieapfltr.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\IcCoinstall.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\halacpi.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\dxtmsft.dll
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\rdyboost.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\drivers\dfsc.sys
2018-01-09 11:39:25 ----A---- C:\Windows\system32\consent.exe
2018-01-09 11:39:25 ----A---- C:\Windows\system32\conhost.exe
2018-01-09 11:39:25 ----A---- C:\Windows\system32\authui.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\vmicsvc.exe
2018-01-09 11:39:24 ----A---- C:\Windows\system32\sspicli.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\PeerDist.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\mscms.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\ie4uinit.exe
2018-01-09 11:39:24 ----A---- C:\Windows\system32\icm32.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\icfupgd.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\fontsub.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\drivers\srvnet.sys
2018-01-09 11:39:24 ----A---- C:\Windows\system32\drivers\pacer.sys
2018-01-09 11:39:24 ----A---- C:\Windows\system32\drivers\netbios.sys
2018-01-09 11:39:24 ----A---- C:\Windows\system32\csrsrv.dll
2018-01-09 11:39:24 ----A---- C:\Windows\system32\appinfo.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\wshqos.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\wshnetbs.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\wfapigp.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\WcsPlugInService.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\vmictimeprovider.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\vmicres.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\traffic.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\PeerDistHttpTrans.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\jscript9diag.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\INETRES.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\dxtrans.dll
2018-01-09 11:39:23 ----A---- C:\Windows\system32\drivers\mpsdrv.sys
2018-01-09 11:39:23 ----A---- C:\Windows\system32\atmlib.dll
2018-01-09 11:39:22 ----A---- C:\Windows\system32\schannel.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-09 11:39:21 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\wdigest.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\TSpkg.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\sspisrv.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\srclient.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\secur32.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\rstrui.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\occache.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\ncrypt.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\mshtmled.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\lsass.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\lpk.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\jsproxy.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\inseng.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\ieUnatt.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\iesetup.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\iernonce.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\drivers\appid.sys
2018-01-09 11:39:21 ----A---- C:\Windows\system32\dciman32.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\cryptbase.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\credssp.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\comcat.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\bcrypt.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\auditpol.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\appidsvc.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-01-09 11:39:21 ----A---- C:\Windows\system32\appidapi.dll
2018-01-09 11:39:21 ----A---- C:\Windows\system32\apisetschema.dll
2018-01-09 11:39:20 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-09 11:39:20 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-09 11:39:20 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\oleres.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\msxml6r.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\msobjs.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\msaudite.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-01-09 11:39:20 ----A---- C:\Windows\system32\adtschema.dll
2018-01-04 22:34:07 ----A---- C:\Windows\system32\drivers\aswHdsKe.sys
2018-01-04 22:34:00 ----A---- C:\Windows\system32\aswBoot.exe
2017-12-27 13:34:34 ----D---- C:\Program Files\PDF24

======List of files/folders modified in the last 1 month======

2018-01-13 00:26:01 ----D---- C:\Windows\Temp
2018-01-13 00:25:48 ----D---- C:\Windows\Prefetch
2018-01-13 00:25:24 ----RD---- C:\Program Files
2018-01-13 00:15:44 ----D---- C:\Windows\System32
2018-01-13 00:15:44 ----D---- C:\Windows\inf
2018-01-13 00:15:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-01-13 00:10:47 ----HD---- C:\ProgramData
2018-01-12 23:58:13 ----D---- C:\Windows\system32\config
2018-01-12 16:05:30 ----D---- C:\Windows\rescache
2018-01-11 23:03:57 ----D---- C:\Windows\Microsoft.NET
2018-01-11 23:01:23 ----RSD---- C:\Windows\assembly
2018-01-10 22:44:31 ----D---- C:\Windows\system32\drivers
2018-01-10 14:13:10 ----D---- C:\Windows\system32\MRT
2018-01-10 14:04:31 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-10 14:04:22 ----AC---- C:\Windows\system32\MRT.exe
2018-01-10 14:03:23 ----SHD---- C:\Windows\Installer
2018-01-10 13:59:30 ----D---- C:\Windows\winsxs
2018-01-10 13:58:42 ----SHD---- C:\System Volume Information
2018-01-10 10:45:39 ----D---- C:\Program Files\TeamViewer
2018-01-10 10:44:55 ----D---- C:\Windows\system32\cs-CZ
2018-01-10 10:44:55 ----D---- C:\Windows\ehome
2018-01-10 10:44:55 ----D---- C:\Program Files\Internet Explorer
2018-01-10 10:44:53 ----D---- C:\Windows\system32\en-US
2018-01-10 10:44:50 ----D---- C:\Windows\AppPatch
2018-01-10 10:44:49 ----D---- C:\Windows\system32\migration
2018-01-10 10:44:49 ----D---- C:\Windows\system32\Boot
2018-01-10 10:44:47 ----D---- C:\Windows\system32\DriverStore
2018-01-09 11:42:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-01-09 11:42:20 ----D---- C:\Windows\system32\Macromed
2018-01-09 11:37:35 ----D---- C:\Windows\system32\catroot2
2018-01-04 22:34:14 ----D---- C:\Windows\system32\Tasks
2017-12-27 12:10:04 ----D---- C:\Windows\system32\drivers\UMDF
2017-12-14 18:03:26 ----D---- C:\Windows\system32\Setup

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2018-01-04 157376]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2018-01-04 276696]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2018-01-04 50344]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-01-04 70832]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-01-04 294680]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 173288]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-01-04 158224]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2018-01-04 255584]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-01-04 118144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-01-04 99528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-01-04 783104]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-01-10 390256]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2017-07-27 37216]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-01-10 123880]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-01-04 151328]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2017-10-28 4877928]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2012-09-20 1303712]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-15 74112]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2013-05-21 3764224]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-05-24 289792]
R3 MEI;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECI.sys [2013-05-14 56432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 347888]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-01-04 42824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-12-10 816792]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-01-04 301168]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg32.exe,-100; C:\Windows\system32\CxAudMsg32.exe [2012-06-08 193184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-15 685136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 583680]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-05-31 129848]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-05-31 167736]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2017-06-01 117320]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2017-04-03 113224]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-05-31 364856]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-15 747088]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\NLSSRV32.EXE [2012-11-08 70152]
R2 PDF24;PDF24; C:\Program Files\PDF24\pdf24.exe [2017-12-18 433288]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe [2011-01-07 446592]
R2 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2017-08-29 10803440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2016-12-19 123984]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2016-06-13 132112]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2018-01-04 5906816]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-28 153168]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09 272384]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\system32\IntelCpHeciSvc.exe [2013-06-06 279024]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-28 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-12-29 104960]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 627744]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2017-04-21 47224]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#2 Post by altrok »

A fine day to you :bye:

:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • click Scan, then Clean
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Re: Email from UPC - Botnet - malware

#3 Post by Wik24 »

# AdwCleaner 7.0.6.0 - Logfile created on Sat Jan 13 10:47:59 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Professional (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-3223290434-716713168-56790289-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1118 B] - [2018/1/13 10:47:32]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#4 Post by altrok »

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading the FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Re: Email from UPC - Botnet - malware

#5 Post by Wik24 »

Good evening,

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13.01.2018 01
Ran by Alice (administrator) on ALICE-PC (13-01-2018 19:24:18)
Running from C:\Users\Alice\Desktop
Loaded Profiles: Alice (Available Profiles: Alice)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Advanced Audio v2\pcee4.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Users\Alice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software)
HKLM\...\Run: [PWMTRV] => rundll32 "C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL",PwrMgrBkGndMonitor
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Dolby Advanced Audio v2] => C:\Program Files\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [833184 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49568 2010-10-26] ()
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3223290434-716713168-56790289-1000\...\MountPoints2: {5eef1f69-e7d1-11e7-bc53-c340c8137800} - "F:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{BBA2F779-CD49-4328-B0B6-F0F4184A2875}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\S-1-5-21-3223290434-716713168-56790289-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default [2018-01-13]
CHR Extension: (Prezentace) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
CHR Extension: (Dokumenty) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-28]
CHR Extension: (Disk Google) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-28]
CHR Extension: (YouTube) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-28]
CHR Extension: (Tabulky) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-28]
CHR Extension: (AdBlock) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-08]
CHR Extension: (Avast Online Security) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-28]
CHR Extension: (Gmail) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2018-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-04] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-06-06] (Intel Corporation)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [193184 2012-06-08] (Conexant Systems Inc.)
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [117320 2017-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [113224 2017-04-03] (Lenovo Group Limited)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [747088 2017-09-15] (Lenovo.)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2011-01-07] (Conexant Systems, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [123984 2016-12-19] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [158224 2018-01-04] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255584 2018-01-04] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157376 2018-01-04] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276696 2018-01-04] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50344 2018-01-04] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [118144 2018-01-04] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42824 2018-01-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [123880 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99528 2018-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70832 2018-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783104 2018-01-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [390256 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [151328 2018-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [294680 2018-01-04] (AVAST Software)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-05-14] (Intel Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2017-12-10] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 19:24 - 2018-01-13 19:24 - 000014421 _____ C:\Users\Alice\Desktop\FRST.txt
2018-01-13 19:23 - 2018-01-13 19:24 - 000000000 ____D C:\FRST
2018-01-13 19:19 - 2018-01-13 19:20 - 001753600 _____ (Farbar) C:\Users\Alice\Desktop\FRST.exe
2018-01-13 18:29 - 2018-01-13 18:29 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-13 11:44 - 2018-01-13 11:47 - 000000000 ____D C:\AdwCleaner
2018-01-13 11:44 - 2018-01-13 11:44 - 008198432 _____ (Malwarebytes) C:\Users\Alice\Desktop\adwcleaner_7.0.6.0.exe
2018-01-13 00:25 - 2018-01-13 00:28 - 000000000 ____D C:\Program Files\trend micro
2018-01-13 00:25 - 2018-01-13 00:25 - 001206272 _____ C:\Users\Alice\Downloads\RSIT.exe
2018-01-13 00:25 - 2018-01-13 00:25 - 000000000 ____D C:\rsit
2018-01-09 11:39 - 2018-01-01 03:02 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-09 11:39 - 2018-01-01 03:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-01-09 11:39 - 2018-01-01 02:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-09 11:39 - 2018-01-01 02:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-09 11:39 - 2018-01-01 02:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-09 11:39 - 2018-01-01 02:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-09 11:39 - 2018-01-01 02:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-01-09 11:39 - 2018-01-01 02:54 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-09 11:39 - 2018-01-01 02:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-09 11:39 - 2018-01-01 02:54 - 000139496 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-01-09 11:39 - 2018-01-01 02:54 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-09 11:39 - 2018-01-01 02:54 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-09 11:39 - 2018-01-01 02:54 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-09 11:39 - 2018-01-01 02:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-09 11:39 - 2018-01-01 02:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-01-09 11:39 - 2018-01-01 02:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-09 11:39 - 2018-01-01 02:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-09 11:39 - 2018-01-01 02:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-09 11:39 - 2018-01-01 02:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-09 11:39 - 2018-01-01 02:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-09 11:39 - 2018-01-01 02:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-09 11:39 - 2018-01-01 02:40 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-09 11:39 - 2018-01-01 02:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-09 11:39 - 2018-01-01 02:40 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-09 11:39 - 2018-01-01 02:40 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-09 11:39 - 2018-01-01 02:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-09 11:39 - 2018-01-01 02:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-09 11:39 - 2018-01-01 02:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-01-09 11:39 - 2018-01-01 02:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-01-09 11:39 - 2018-01-01 02:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-01-09 11:39 - 2018-01-01 02:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-09 11:39 - 2018-01-01 02:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-09 11:39 - 2018-01-01 02:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-09 11:39 - 2018-01-01 02:36 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-09 11:39 - 2018-01-01 02:35 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-09 11:39 - 2018-01-01 02:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-09 11:39 - 2018-01-01 02:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-09 11:39 - 2018-01-01 02:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-09 11:39 - 2018-01-01 02:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-09 11:39 - 2018-01-01 02:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-09 11:39 - 2017-12-30 07:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-09 11:39 - 2017-12-29 19:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-09 11:39 - 2017-12-29 19:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-09 11:39 - 2017-12-29 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-09 11:39 - 2017-12-29 19:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-09 11:39 - 2017-12-29 19:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-09 11:39 - 2017-12-29 19:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-09 11:39 - 2017-12-29 19:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-09 11:39 - 2017-12-29 19:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-09 11:39 - 2017-12-29 19:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-09 11:39 - 2017-12-29 19:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-09 11:39 - 2017-12-29 19:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-09 11:39 - 2017-12-29 19:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-09 11:39 - 2017-12-29 19:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-09 11:39 - 2017-12-29 19:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-09 11:39 - 2017-12-29 19:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-09 11:39 - 2017-12-29 19:03 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-09 11:39 - 2017-12-29 18:57 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-09 11:39 - 2017-12-29 18:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-09 11:39 - 2017-12-29 18:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-09 11:39 - 2017-12-29 18:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-09 11:39 - 2017-12-29 18:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-09 11:39 - 2017-12-29 18:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-09 11:39 - 2017-12-29 18:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-09 11:39 - 2017-12-29 18:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-09 11:39 - 2017-12-29 18:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-09 11:39 - 2017-12-29 18:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-09 11:39 - 2017-12-29 18:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-09 11:39 - 2017-12-29 18:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-09 11:39 - 2017-12-29 18:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-09 11:39 - 2017-12-29 18:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-09 11:39 - 2017-12-29 18:37 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-09 11:39 - 2017-12-29 18:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-09 11:39 - 2017-12-29 18:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-09 11:39 - 2017-12-29 18:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-09 11:39 - 2017-12-29 18:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-09 11:39 - 2017-12-21 07:27 - 000535656 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-09 11:39 - 2017-12-13 17:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-09 11:39 - 2017-12-13 17:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-09 11:39 - 2017-12-13 17:11 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-09 11:39 - 2017-12-13 17:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-09 11:39 - 2017-12-13 16:50 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-09 11:39 - 2017-12-05 18:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-09 11:39 - 2017-12-05 18:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-09 11:39 - 2017-12-05 16:50 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-09 11:39 - 2017-12-05 16:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-05 15:38 - 2018-01-05 15:39 - 000000000 ____D C:\Users\Alice\Desktop\Oblečení prodej
2018-01-05 11:09 - 2018-01-05 11:09 - 000000000 ____D C:\Users\Alice\AppData\Local\LenovoServiceBridge
2018-01-04 22:34 - 2018-01-04 22:33 - 000305840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-04 22:34 - 2018-01-04 22:33 - 000118144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-03 23:54 - 2018-01-03 23:54 - 000129965 _____ C:\Users\Alice\Downloads\Prezidentské-volby-2018-_-Volební-kalkulačka.pdf
2018-01-03 22:09 - 2018-01-03 22:13 - 000000000 ____D C:\Users\Alice\Desktop\Kočičky a křeslo
2018-01-03 17:53 - 2018-01-03 17:53 - 000197054 _____ C:\Users\Alice\Downloads\order-181797920478043.pdf
2017-12-27 13:35 - 2017-12-27 13:35 - 000144707 _____ C:\Users\Alice\Desktop\ŽIVOTOPIS.pdf
2017-12-27 13:34 - 2017-12-27 13:34 - 020844952 _____ (Geek Software GmbH ) C:\Users\Alice\Downloads\pdf24-creator-8.4.0.exe
2017-12-27 13:34 - 2017-12-27 13:34 - 000001820 _____ C:\Users\Public\Desktop\PDF24.lnk
2017-12-27 13:34 - 2017-12-27 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2017-12-27 13:34 - 2017-12-27 13:34 - 000000000 ____D C:\Program Files\PDF24
2017-12-27 12:10 - 2017-12-27 12:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 18:37 - 2009-07-14 05:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-13 18:37 - 2009-07-14 05:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-13 18:29 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-13 00:15 - 2017-10-28 10:05 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-13 00:15 - 2009-07-14 09:44 - 000668792 _____ C:\Windows\system32\perfh005.dat
2018-01-13 00:15 - 2009-07-14 09:44 - 000141420 _____ C:\Windows\system32\perfc005.dat
2018-01-13 00:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-01-12 16:05 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2018-01-10 22:44 - 2017-10-28 13:15 - 000390256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 22:44 - 2017-10-28 13:15 - 000123880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-10 14:13 - 2017-10-28 18:42 - 000000000 ____D C:\Windows\system32\MRT
2018-01-10 14:04 - 2017-10-28 18:42 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-10 14:04 - 2017-10-28 18:42 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-10 10:46 - 2009-07-14 05:33 - 000410568 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-10 10:45 - 2017-10-28 11:13 - 000000000 ____D C:\Program Files\TeamViewer
2018-01-09 11:45 - 2017-10-28 11:04 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 11:45 - 2017-10-28 11:04 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-09 11:42 - 2017-10-28 18:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-09 11:42 - 2017-10-28 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-09 11:42 - 2017-10-28 18:23 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-04 22:33 - 2017-11-16 10:10 - 000158224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000783104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000294680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000276696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000255584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000157376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000151328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000099528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000070832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000050344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-01-04 22:33 - 2017-10-28 13:15 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-14 18:03 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\Setup

==================== Files in the root of some directories =======

2017-10-28 13:51 - 2017-10-28 13:51 - 000002102 _____ () C:\Users\Alice\AppData\Local\WiDiSetupLog.20171028.145122.txt
2017-12-10 12:45 - 2017-12-10 12:46 - 000002082 _____ () C:\Users\Alice\AppData\Local\WiDiSetupLog.20171210.124546.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 12:35

==================== End of FRST.txt ============================



____________________________________________________________________________________________________________



Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13.01.2018 01
Ran by Alice (13-01-2018 19:24:54)
Running from C:\Users\Alice\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2017-10-28 08:46:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3223290434-716713168-56790289-500 - Administrator - Disabled)
Alice (S-1-5-21-3223290434-716713168-56790289-1000 - Administrator - Enabled) => C:\Users\Alice
Guest (S-1-5-21-3223290434-716713168-56790289-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
aTube Catcher verze 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.20.55.57 - Broadcom Corporation)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.70.1080 - AB Team, d.o.o.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.21 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.86.23 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-3223290434-716713168-56790289-1000\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nalpeiron License Management (HKLM\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
PDF24 Creator 8.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.14 - Lenovo Group Limited)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.2 - REALTEK Semiconductor Corp.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-05-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {074382B3-33F0-4151-9647-2EE68176F59B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-04] (AVAST Software)
Task: {22D7C294-D405-4C4F-BA47-BDD157462238} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {77855765-D936-4957-A9A1-E43D3DED9BD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7C93D385-5254-46F8-A096-DBD054257EAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-28] (Google Inc.)
Task: {7D94224C-F66C-40BF-8729-E4CB0BBC3002} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {95E32EF0-362B-412A-A53A-FEE42A4DB345} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {994139F9-6EED-464E-9B5E-E943C6D14096} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3223290434-716713168-56790289-1000 => C:\Users\Alice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
Task: {9DFBF597-EBD1-49BA-8C41-4478CF50E682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {9E27A313-F766-499B-9CDE-B76D5614F453} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {DC48150E-D412-4B87-9163-36BD25AC9924} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PwmIdTsv.exe [2017-07-27] (Lenovo Group Limited)
Task: {F04CB723-0E5B-4C30-BD35-2F79C4C95D36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-04 22:33 - 2018-01-04 22:33 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-12 20:01 - 2018-01-12 20:01 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011202\algo.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-13 18:30 - 2018-01-13 18:30 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011304\algo.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-10-28 13:37 - 2017-07-27 05:08 - 000104304 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2017-10-28 13:15 - 2017-10-28 13:15 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-28 14:01 - 2010-10-26 11:39 - 000049568 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2017-10-28 13:47 - 2013-05-21 00:17 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-01-04 22:33 - 2018-01-04 22:33 - 000196816 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2018-01-09 11:45 - 2018-01-03 09:56 - 003062104 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 11:45 - 2018-01-03 09:56 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-10 12:49 - 2013-05-14 06:15 - 001199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3223290434-716713168-56790289-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{320CFE82-1B35-4B33-8A61-9617B07A6C10}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{7A5957F4-60E1-4343-879E-07D86F9C5916}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{512E072B-BA1C-4191-9DC8-B61284AFC596}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDSendToExplorer.exe
FirewallRules: [{C5D0E7FC-48FE-4AC1-B2B5-3AACF1BBF79F}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDSendToExplorer.exe
FirewallRules: [{F05E8429-7ECB-4576-8F7F-0039DA442DC8}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{5A037722-2B0F-4445-8795-73E8FBEC7B46}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{87E72076-845E-4403-B5B9-AEB3428075EF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{9C77EB91-F9E7-43B6-9808-73D59AEFF709}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A3FB7706-5B43-481F-B6CF-32F50F707C1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF21970C-AEF9-48F8-B09F-81AAEBA3D196}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0E76CE84-F43D-4B9D-A9A8-1AD78203A21D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{69F5839D-F839-4944-8CC2-C41CD88D7DA2}C:\users\alice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alice\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AFE0A9FC-D5A0-40C4-AD2A-0B7E61176319}C:\users\alice\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alice\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{91271745-320F-4612-9A66-032F38AB7757}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2017 18:00:16 Windows Update
20-12-2017 21:57:56 Naplánovaný kontrolní bod
28-12-2017 11:04:12 Naplánovaný kontrolní bod
05-01-2018 13:37:57 Naplánovaný kontrolní bod
10-01-2018 02:04:05 Windows Update
10-01-2018 13:58:33 Windows Update

==================== Faulty Device Manager Devices =============

Name: Zařízení PCI
Description: Zařízení PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Síťový adaptér Ethernet
Description: Síťový adaptér Ethernet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: H5321 gw
Description: H5321 gw
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič USB (Universal Serial Bus)
Description: Řadič USB (Universal Serial Bus)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2018 12:15:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24000, časové razítko: 0x5a499696
Kód výjimky: 0xc000000d
Posun chyby: 0x000977c1
ID chybujícího procesu: 0xff4
Čas spuštění chybující aplikace: 0x01d389f8115b9542
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 97f30b42-f5f7-11e7-9f3c-fb29e4a9ab77

Error: (01/07/2018 11:57:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00052f8b
ID chybujícího procesu: 0x135c
Čas spuštění chybující aplikace: 0x01d387fbc630af95
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 2cd7b1cf-f3fe-11e7-8116-fd663319a470

Error: (01/03/2018 03:05:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00052f8b
ID chybujícího procesu: 0x1568
Čas spuštění chybující aplikace: 0x01d384806c01bf7b
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 1dae4371-f08f-11e7-bc01-da993dc22a6c

Error: (01/02/2018 02:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00052f8b
ID chybujícího procesu: 0x12b0
Čas spuštění chybující aplikace: 0x01d383c3ecab5563
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 8b6d0a88-efc2-11e7-beb5-f9423e824762

Error: (12/23/2017 06:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc000000d
Posun chyby: 0x000977d9
ID chybujícího procesu: 0x150c
Čas spuštění chybující aplikace: 0x01d37bde536ec249
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: f1519691-e802-11e7-bc53-c340c8137800

Error: (12/15/2017 03:07:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00052f8b
ID chybujícího procesu: 0x1218
Čas spuštění chybující aplikace: 0x01d375a31c0445b6
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 4096303e-e1a1-11e7-be19-8a7dd65bdb7c

Error: (12/10/2017 11:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc000000d
Posun chyby: 0x000977d9
ID chybujícího procesu: 0xd54
Čas spuštění chybující aplikace: 0x01d371b03d93279f
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: c6cd356a-ddf6-11e7-8ec4-c3e0363bdf48

Error: (12/09/2017 07:44:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TPONSCR.EXE, verze: 8.7.9.0, časové razítko: 0x592bc351
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23915, časové razítko: 0x59b94a7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00052f8b
ID chybujícího procesu: 0x10e0
Čas spuštění chybující aplikace: 0x01d371114761d561
Cesta k chybující aplikaci: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 00667dd4-dd11-11e7-8112-82fe0cdf7763

Error: (12/07/2017 06:20:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Naplánovaný bod obnovení nebylo možné vytvořit. Další informace: (0x81000101).

Error: (12/07/2017 06:20:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Popis = Naplánovaný kontrolní bod; Chyba = 0x81000101).


System errors:
=============
Error: (01/13/2018 11:48:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\bcmihvsrv.dll

Error: (01/13/2018 11:48:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\bcmihvsrv.dll

Error: (01/13/2018 11:48:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\bcmihvsrv.dll

Error: (01/13/2018 11:47:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/13/2018 11:47:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (01/13/2018 11:47:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/13/2018 11:47:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/13/2018 11:47:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/13/2018 11:47:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Power Manager Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/13/2018 11:47:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3203.95 MB
Available physical RAM: 1454.1 MB
Total Virtual: 6406.23 MB
Available Virtual: 4493.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.72 GB) (Free:379.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FF299E1F)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=06)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#6 Post by altrok »

→ Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes from 30 minutes to several hours
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Re: Email from UPC - Botnet - malware

#7 Post by Wik24 »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 14.01.18
Čas skenování: 12:57
Logovací soubor: 0855846e-f922-11e7-9af3-000000000000.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3692
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x86
Systém souborů: NTFS
Uživatel: Alice-PC\Alice

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 149360
Zjištěné hrozby: 3
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 hod, 46 min, 45 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 3
CrackTool.Agent.Keygen, C:\USERS\ALICE\APPDATA\LOCAL\TEMP\RAR$EXA0.081\BS PLAYER PRO V2.70.1080 HUN\KEYGEN.EXE, Žádná uživatelská akce, [297], [353777],1.0.3692
CrackTool.Agent.Keygen, C:\USERS\ALICE\APPDATA\LOCAL\TEMP\RAR$EXA0.189\BS PLAYER PRO V2.70.1080 HUN\KEYGEN.EXE, Žádná uživatelská akce, [297], [353777],1.0.3692
CrackTool.Agent.Keygen, C:\USERS\ALICE\APPDATA\LOCAL\TEMP\RAR$EXA0.913\BS PLAYER PRO V2.70.1080 HUN\KEYGEN.EXE, Žádná uživatelská akce, [297], [353777],1.0.3692

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#8 Post by altrok »

Is only your household connected to the router, or do you have one device serving several households (a whole apartment block, etc.)?
What other devices do you have connected to the router? According to the logs so far, this computer is clean.

Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Re: Email from UPC - Botnet - malware

#9 Post by Wik24 »

Yes, only our household is connected: long-term one PC and a mobile phone, and once in a while a second laptop + mobile.

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#10 Post by altrok »

Could you forward me the text of the email in which UPC claims that you are part of a botnet? If the email contains any personal data, delete it (name, phone number, public IP address).

→ Save rkill.exe to the desktop, close all applications and run it - if the pest blocks it, use the alternative link
→ Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable antivirus software and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator rights)
  • agree to the licence terms - Yes
  • if installation of the Recovery Console is offered, agree
  • while the scan is running, leave the PC alone - do not start anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply.

Wik24
Visitor
Posts: 18
Registered: 16 Nov 2016 20:24

Re: Email from UPC - Botnet - malware

#11 Post by Wik24 »

Rkill:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/15/2018 11:18:17 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001


____________________________________________________________________________________________________________


ComboFix:

ComboFix 18-01-10.01 - Alice 15.01.2018 23:24:22.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3204.1925 [GMT 1:00]
Spuštěný z: c:\users\Alice\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-12-15 do 2018-01-15 )))))))))))))))))))))))))))))))
.
.
2018-01-15 22:29 . 2018-01-15 22:29 -------- d-----w- c:\users\Alice\AppData\Local\temp
2018-01-15 22:29 . 2018-01-15 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-01-15 13:44 . 2018-01-15 13:44 -------- d-----w- c:\programdata\SWCUTemp
2018-01-14 11:54 . 2017-11-29 08:11 59896 ----a-w- c:\windows\system32\drivers\mbae.sys
2018-01-14 11:54 . 2018-01-14 11:54 -------- d-----w- c:\programdata\Malwarebytes
2018-01-14 11:54 . 2018-01-14 11:54 -------- d-----w- c:\program files\Malwarebytes
2018-01-13 18:23 . 2018-01-13 18:25 -------- d-----w- C:\FRST
2018-01-13 10:44 . 2018-01-13 10:47 -------- d-----w- C:\AdwCleaner
2018-01-12 23:25 . 2018-01-12 23:28 -------- d-----w- c:\program files\trend micro
2018-01-12 23:25 . 2018-01-12 23:25 -------- d-----w- C:\rsit
2018-01-05 10:09 . 2018-01-05 10:09 -------- d-----w- c:\users\Alice\AppData\Local\LenovoServiceBridge
2018-01-04 21:34 . 2018-01-04 21:33 118144 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2018-01-04 21:34 . 2018-01-04 21:33 305840 ----a-w- c:\windows\system32\aswBoot.exe
2017-12-27 12:34 . 2017-12-27 12:34 -------- d-----w- c:\program files\PDF24
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-10 21:44 . 2017-10-28 12:15 390256 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-01-10 21:44 . 2017-10-28 12:15 123880 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-01-10 13:04 . 2017-10-28 17:42 126487616 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2018-01-09 10:42 . 2017-10-28 17:24 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-01-09 10:42 . 2017-10-28 17:24 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-01-04 21:33 . 2017-11-16 09:10 158224 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-01-04 21:33 . 2017-10-28 12:15 294680 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-01-04 21:33 . 2017-10-28 12:15 151328 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-01-04 21:33 . 2017-10-28 12:15 70832 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-01-04 21:33 . 2017-10-28 12:15 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-01-04 21:33 . 2017-10-28 12:15 99528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-01-04 21:33 . 2017-10-28 12:15 783104 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-01-04 21:33 . 2017-10-28 12:15 50344 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2018-01-04 21:33 . 2017-10-28 12:15 276696 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2018-01-04 21:33 . 2017-10-28 12:15 255584 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2018-01-04 21:33 . 2017-10-28 12:15 157376 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2018-01-01 16:12 . 2018-01-09 10:39 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-01-01 02:00 . 2018-01-09 10:39 141312 ----a-w- c:\windows\system32\rpchttp.dll
2018-01-01 02:00 . 2018-01-09 10:39 254464 ----a-w- c:\windows\system32\schannel.dll
2017-12-10 11:39 . 2017-10-28 13:15 816792 ----a-w- c:\windows\system32\drivers\pmxdrv.sys
2017-11-07 16:13 . 2017-12-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2017-11-04 15:10 . 2017-12-13 13:45 158720 ----a-w- c:\windows\system32\itircl.dll
2017-11-04 15:10 . 2017-12-13 13:45 142336 ----a-w- c:\windows\system32\itss.dll
2017-11-02 15:11 . 2017-12-13 13:45 115200 ----a-w- c:\windows\system32\rtm.dll
2017-11-02 15:11 . 2017-12-13 13:45 75264 ----a-w- c:\windows\system32\mprdim.dll
2017-11-02 15:11 . 2017-12-13 13:45 271360 ----a-w- c:\windows\system32\iprtrmgr.dll
2017-11-02 14:56 . 2017-12-13 13:45 8192 ----a-w- c:\windows\system32\iprtprio.dll
2017-10-31 17:27 . 2017-10-31 17:27 86016 ----a-w- c:\windows\system32\iesysprep.dll
2017-10-31 17:27 . 2017-10-31 17:27 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2017-10-31 17:27 . 2017-10-31 17:27 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2017-10-31 17:27 . 2017-10-31 17:27 645120 ----a-w- c:\windows\system32\jsIntl.dll
2017-10-31 17:27 . 2017-10-31 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2017-10-31 17:27 . 2017-10-31 17:27 36352 ----a-w- c:\windows\system32\imgutil.dll
2017-10-31 17:27 . 2017-10-31 17:27 24576 ----a-w- c:\windows\system32\licmgr10.dll
2017-10-31 17:27 . 2017-10-31 17:27 194048 ----a-w- c:\windows\system32\elshyph.dll
2017-10-31 17:27 . 2017-10-31 17:27 182272 ----a-w- c:\windows\system32\msls31.dll
2017-10-31 17:27 . 2017-10-31 17:27 151552 ----a-w- c:\windows\system32\iexpress.exe
2017-10-31 17:27 . 2017-10-31 17:27 139264 ----a-w- c:\windows\system32\wextract.exe
2017-10-31 17:27 . 2017-10-31 17:27 13312 ----a-w- c:\windows\system32\mshta.exe
2017-10-31 17:27 . 2017-10-31 17:27 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2017-10-31 17:24 . 2017-10-31 17:24 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2017-10-31 17:24 . 2017-10-31 17:24 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 293376 ----a-w- c:\windows\system32\dxgi.dll
2017-10-31 17:24 . 2017-10-31 17:24 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-10-31 17:24 . 2017-10-31 17:24 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2017-10-31 17:24 . 2017-10-31 17:24 220160 ----a-w- c:\windows\system32\d3d10core.dll
2017-10-31 17:24 . 2017-10-31 17:24 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2017-10-31 17:24 . 2017-10-31 17:24 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2017-10-31 17:24 . 2017-10-31 17:24 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2017-10-31 17:24 . 2017-10-31 17:24 1080832 ----a-w- c:\windows\system32\d3d10.dll
2017-10-31 17:24 . 2017-10-31 17:24 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-10-29 21:41 . 2017-10-29 21:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2017-10-29 21:38 . 2017-10-29 21:38 1505280 ----a-w- c:\windows\system32\d3d11.dll
2017-10-28 21:25 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2017-10-28 12:15 . 2017-10-28 12:15 921280 ----a-w- c:\windows\ucrtbase.dll
2017-10-28 10:19 . 2017-10-28 10:19 11263584 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F94F7FF-DF4F-46B1-AD52-75AD5D48BB7C}\mpengine.dll
2017-10-28 09:41 . 2017-10-28 09:41 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2017-10-28 09:41 . 2017-10-28 09:41 91488 ----a-w- c:\windows\system32\bcmwlcoi.dll
2017-10-28 09:41 . 2017-10-28 09:41 4877928 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2017-10-28 09:41 . 2017-10-28 09:41 4247552 ----a-w- c:\windows\system32\bcmihvsrv.dll
2017-10-28 09:41 . 2017-10-28 09:41 3645440 ----a-w- c:\windows\system32\bcmihvui.dll
2017-10-18 02:24 . 2017-11-16 09:14 11776 ----a-w- c:\windows\system32\drivers\cs-CZ\usbhub.sys.mui
2017-10-18 02:24 . 2017-11-16 09:14 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\usbehci.sys.mui
2017-10-18 02:19 . 2017-11-16 09:14 25088 ----a-w- c:\windows\system32\drivers\cs-CZ\usbport.sys.mui
2017-10-18 02:16 . 2017-11-16 09:14 114408 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-10-18 02:11 . 2017-11-16 09:14 488448 ----a-w- c:\windows\system32\aeinv.dll
2017-10-18 01:55 . 2017-11-16 09:14 259584 ----a-w- c:\windows\system32\drivers\usbhub.sys
2017-10-18 01:55 . 2017-11-16 09:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2017-10-18 01:55 . 2017-11-16 09:14 285696 ----a-w- c:\windows\system32\drivers\usbport.sys
2017-10-18 01:55 . 2017-11-16 09:14 46592 ----a-w- c:\windows\system32\drivers\usbehci.sys
2017-10-18 01:55 . 2017-11-16 09:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2017-10-18 01:55 . 2017-11-16 09:14 24576 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2017-10-18 01:55 . 2017-11-16 09:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-01-04 21:33 1386968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-01-04 246120]
"PWMTRV"="c:\program files\ThinkPad\Utilities\PWMTR32V.DLL" [2017-07-27 4821368]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"Dolby Advanced Audio v2"="c:\program files\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2012-06-14 833184]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49568]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-31 132920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-06 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-06 189936]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2017-12-18 433288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2018-01-04 151328]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-11-01 4563920]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2018-01-04 5906816]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2018-01-04 42824]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-12-29 104960]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 627744]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2017-12-10 816792]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-29 20256]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [2018-01-04 157376]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [2018-01-04 276696]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [2018-01-04 50344]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2018-01-04 70832]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2018-01-04 294680]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [2018-01-04 158224]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2018-01-04 255584]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [2018-01-04 118144]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2018-01-04 783104]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2018-01-10 390256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2018-01-10 123880]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2012-06-08 193184]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-12-10 583680]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-05-31 129848]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-05-31 167736]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2017-06-01 117320]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2017-04-03 113224]
S2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe [2017-09-14 747088]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-11-08 70152]
S2 PDF24;PDF24;c:\program files\PDF24\pdf24.exe [2017-12-18 433288]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2011-01-07 446592]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2016-12-19 123984]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2016-06-13 132112]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-05-24 289792]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2013-05-14 56432]
S3 Power Manager DBC Service;Power Manager Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-01-09 10:43 1538904 ----a-w- c:\program files\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3223290434-716713168-56790289-1000\@*rn*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-3223290434-716713168-56790289-1000\@*Ýn*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-3223290434-716713168-56790289-1000\4łe*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-3223290434-716713168-56790289-1000\c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE*m4h.dll]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-01-15 23:30:18
ComboFix-quarantined-files.txt 2018-01-15 22:30
.
Před spuštěním: Volných bajtů: 420 790 091 776
Po spuštění: Volných bajtů: 421 072 441 344
.
- - End Of File - - 76F601D5C3B68820BD69542EA486E661
A36C5E4F47E84449FF07ED3517B43A31
Attachments
Vážený zákazníku.pdf
(38.9 KiB) Downloaded 59 times

altrok
Moderator
Posts: 7256
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Email from UPC - Botnet - malware

#12 Post by altrok »

Uninstall MBAM.

I would ask you to contact the UPC technical department (following the instructions in the email) and request more detailed information about this incident, if possible e.g. the MAC address of the source device or other (ideally unambiguous) technical identifiers.
Ideally they should send it to you by email again.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
