Ads keep popping up

Kalashnikow88
Visitor
Posts: 56
Registered: 19 Jan 2016 20:47

Ads keep popping up

#1 Post by Kalashnikow88 »

Hello, I need some help; I think I have some malware on my PC. Ads keep popping up in my browser. The FRST log is below, and the Addition log is attached.

Thank you for your help.

Log here:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Radek (administrator) on RADEK-PC (01-04-2018 15:14:46)
Running from C:\Users\Radek\Desktop
Loaded Profiles: Radek (Available Profiles: Radek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Viber Media S.à r.l.) C:\Users\Radek\AppData\Local\Viber\Viber.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DellAccessSystray] => C:\Program Files\Dell\Dell Data Protection\Access\DellAccessSysTray.exe [101720 2013-03-11] (Wave Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-13] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [Viber] => C:\Users\Radek\AppData\Local\Viber\Viber.exe [36126280 2018-03-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d54-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d5f-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {27ee3eee-2b5c-11e7-a846-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {a4a559b3-8d96-11e7-94c0-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
Lsa: [Authentication Packages] msv1_0 wvauth
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} - C:\Users\Radek\AppData\Roaming\Gijerwardarement\Ckonagetoperght.dll -> No File <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-08-05]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A475F1B2-4784-4BFE-80D1-6C4936C7FB13}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {0E93EDD6-24A0-4BE8-99DE-5D81F1EFCFCE} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {15E39902-1F9F-4C0B-B1B8-35663B956567} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {34F19796-3429-433E-9D46-4962BBE91C6A} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {351E25E9-C8D7-407A-BF03-C87A4084C49E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {4CAC7048-BD25-4DB6-90A9-BFC2381EF856} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {5F19D1CD-7B23-4F49-B9CB-F75695558923} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {7C5AC2D9-A283-4227-9321-6DB2AE06586D} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {8331694F-F9B9-4BE7-8C83-79089BFEAD0F} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {F05EFD3F-7F12-4BEF-AB78-4D352890ACE3} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91075D20161203&p={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mcafee
CHR Profile: C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-04-01] <==== ATTENTION
CHR Extension: (Tipli do prohlížeče) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2018-03-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-06]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-330345402-810464471-2490009223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-330345402-810464471-2490009223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-13] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-12] (SolidWorks) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-13] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-13] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-13] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-13] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-13] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-13] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-13] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-13] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-13] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-10] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-19] ()
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2018-03-31] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-24] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R1 QuickCryptoOTFE; C:\Windows\System32\DRIVERS\QuickCryptoOTFE-x64.sys [233648 2013-11-23] (QuickCryptoOTFE Foundation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 15:14 - 2018-04-01 15:16 - 000023465 _____ C:\Users\Radek\Desktop\FRST.txt
2018-04-01 15:14 - 2018-04-01 15:14 - 000000000 ____D C:\FRST
2018-04-01 15:11 - 2018-04-01 15:11 - 002403328 _____ (Farbar) C:\Users\Radek\Desktop\FRST64.exe
2018-03-31 19:41 - 2018-04-01 14:51 - 000000000 ____D C:\Users\Radek\Desktop\Moninec
2018-03-30 08:16 - 2018-04-01 15:10 - 000005012 _____ C:\Windows\System32\Tasks\WSCEAA
2018-03-26 19:51 - 2018-03-26 19:51 - 000168868 _____ C:\Users\Radek\Desktop\Poptávka.pdf
2018-03-25 17:57 - 2018-03-27 22:19 - 000112128 ___SH C:\Users\Radek\Desktop\Thumbs.db
2018-03-24 19:58 - 2018-03-13 18:52 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-20 22:26 - 2018-03-20 22:26 - 000009496 _____ C:\Users\Radek\Desktop\Sešit1.xlsx
2018-03-19 22:50 - 2018-03-19 22:50 - 000137979 _____ C:\Users\Radek\Downloads\21065_pokus-sklad-2.zip
2018-03-15 18:13 - 2018-03-18 20:44 - 000000000 ____D C:\Users\Radek\AppData\Local\Viber
2018-03-13 19:15 - 2018-04-01 13:08 - 000000000 ____D C:\Users\Radek\Desktop\pleny
2018-03-11 20:39 - 2018-03-11 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikace MB
2018-03-11 20:39 - 2018-03-11 20:39 - 000000000 ____D C:\Aplikace MB
2018-03-11 20:39 - 2009-09-03 13:08 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-03-11 20:34 - 2018-03-11 20:35 - 013870398 _____ C:\Users\Radek\Downloads\skldm.zip
2018-03-11 20:32 - 2018-03-11 20:35 - 103665455 _____ C:\Users\Radek\Downloads\opencontrol-1.2.zip
2018-03-11 15:22 - 2018-03-11 15:22 - 000000000 ____D C:\Users\Radek\Downloads\SKLAD_V1.4
2018-03-11 15:04 - 2018-03-11 15:10 - 001527808 _____ C:\Users\Radek\Documents\Prodejní kanál.accdb
2018-03-11 13:53 - 2018-03-11 14:29 - 000000000 ____D C:\Program Files (x86)\Trell
2018-03-11 13:53 - 2018-03-11 14:04 - 000000000 ____D C:\Program Files\Ztrl
2018-03-11 13:53 - 2018-03-11 13:53 - 000000005 _____ C:\Program Files\trl.trl
2018-03-11 13:53 - 2018-03-11 13:53 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trell
2018-03-11 13:53 - 2018-03-11 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trell
2018-03-11 13:06 - 2018-03-11 13:06 - 000000000 ____D C:\Users\Radek\Desktop\807prodej
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Radek\.android
2018-03-11 12:57 - 2018-03-11 12:57 - 000000991 _____ C:\Users\Public\Desktop\HiSuite.lnk
2018-03-11 12:57 - 2018-03-11 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2018-03-11 12:57 - 2018-03-11 12:57 - 000000000 ____D C:\Program Files (x86)\HiSuite
2018-03-11 12:57 - 2017-07-26 09:58 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2018-03-11 12:53 - 2018-03-11 12:53 - 000000000 ____D C:\Users\Radek\Documents\HiSuite
2018-03-11 12:52 - 2017-07-26 09:58 - 002152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2018-03-11 12:46 - 2018-03-11 12:58 - 000000000 ____D C:\Users\Radek\AppData\Local\Hisuite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 15:15 - 2009-07-14 06:45 - 000014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 15:15 - 2009-07-14 06:45 - 000014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 14:55 - 2016-05-31 17:12 - 000000000 ____D C:\Users\Radek\Documents\ViberDownloads
2018-03-31 20:17 - 2009-07-14 17:18 - 000668792 _____ C:\Windows\system32\perfh005.dat
2018-03-31 20:17 - 2009-07-14 17:18 - 000141420 _____ C:\Windows\system32\perfc005.dat
2018-03-31 20:17 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-31 20:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-31 18:54 - 2017-10-04 08:11 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Seznam.cz
2018-03-31 18:49 - 2017-01-12 22:28 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-31 18:49 - 2016-05-28 12:13 - 000000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-31 18:49 - 2016-05-28 08:29 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-03-31 18:48 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-29 20:16 - 2016-12-03 18:08 - 000000000 ____D C:\Users\Radek\AppData\Roaming\ViberPC
2018-03-28 12:18 - 2017-10-04 08:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-27 22:18 - 2017-02-12 16:03 - 000556477 _____ C:\Users\Radek\Desktop\Radek Troch.pdf
2018-03-26 09:23 - 2017-03-15 22:57 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-25 17:58 - 2017-12-04 20:01 - 000000000 ____D C:\Users\Radek\Desktop\807
2018-03-25 11:06 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-25 10:21 - 2016-05-28 08:00 - 000000000 ____D C:\Users\Radek
2018-03-25 10:11 - 2016-12-30 23:17 - 000016384 ___SH C:\Users\Radek\Thumbs.db
2018-03-24 20:03 - 2016-10-08 14:03 - 000000000 ____D C:\Users\Radek\Desktop\Praotec_Cikán
2018-03-24 19:59 - 2016-12-03 18:09 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-24 19:20 - 2016-12-03 18:03 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-23 03:31 - 2017-01-10 22:41 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 03:31 - 2017-01-10 22:41 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 22:55 - 2016-05-28 12:50 - 000000000 ____D C:\Users\Radek\AppData\Local\Microsoft Help
2018-03-13 22:43 - 2017-07-23 20:50 - 000000000 ____D C:\Users\Radek\Desktop\Aktuální_foto_%3b)
2018-03-13 18:52 - 2017-11-17 21:34 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-13 18:51 - 2017-09-23 02:58 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-13 18:51 - 2016-12-03 18:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-11 12:56 - 2016-06-08 20:43 - 000000000 ____D C:\Users\Radek\Documents\Corel
2018-03-11 12:56 - 2016-06-08 20:43 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Corel
2018-03-11 12:55 - 2016-06-08 20:39 - 000000000 ____D C:\ProgramData\Corel
2018-03-11 12:55 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-11 12:45 - 2016-05-31 17:34 - 000000000 ____D C:\ProgramData\Adobe
2018-03-11 12:44 - 2016-05-31 17:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-11 12:43 - 2016-06-06 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2018-03-11 13:53 - 2018-03-11 13:53 - 000000005 _____ () C:\Program Files\trl.trl
2017-01-06 09:59 - 2017-01-06 09:59 - 000004608 _____ () C:\Users\Radek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-10-04 20:59 - 2015-01-26 16:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\Radek\AppData\Local\Temp\AcDeltree.exe
2017-10-31 20:37 - 2018-01-15 20:35 - 000534528 _____ () C:\Users\Radek\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 11:38

==================== End of FRST.txt ============================
Attachments
Addition.rar
addition
(10.8 KiB) Downloaded 68 times

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Ads keep popping up

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Kalashnikow88
Visitor
Posts: 56
Joined: 19 Jan 2016 20:47

Re: Ads keep popping up

#3 Post by Kalashnikow88 »

# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 16:16:18 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\\MK
Deleted: C:\Users\Radek\AppData\Local\snare
Deleted: C:\Users\Radek\AppData\Local\Everness
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Solvusoft
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
Deleted: C:\Insist
Deleted: C:\Windows\\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}


***** [ Files ] *****

Deleted: C:\Users\All Users\Documents\\temp.dat
Deleted: C:\Users\Public\Documents\\temp.dat


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{44ACBA46-FE2E-499D-B33A-1E050B11101D}
Deleted: [Key] - HKLM\SOFTWARE\Everness
Deleted: [Key] - HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Everness
Deleted: [Key] - HKCU\Software\Everness
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.solvusoft.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\ProgramData\Solvusoft\Programs Bar\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [8024 B] - [2017/4/28 16:52:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [10044 B] - [2017/4/28 16:49:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [3235 B] - [2018/4/1 16:6:24]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Kalashnikow88
Visitor
Posts: 56
Joined: 19 Jan 2016 20:47

Re: Ads keep popping up

#4 Post by Kalashnikow88 »

# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 16:06:24 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-30.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.Elex, C:\Program Files\MK
Adware.Elex, C:\Users\Radek\AppData\Local\snare
Adware.Ghokswa, C:\Users\Radek\AppData\Local\Everness
PUP.Optional.Solvusoft, C:\Windows\System32\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
Adware.ELEX.NL, C:\Insist
PUP.Optional.DriverDoc, C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\All Users\Documents\temp.dat
PUP.Optional.Legacy, C:\Users\Public\Documents\temp.dat


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Elex, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | SNARE
Adware.Ghokswa, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {44ACBA46-FE2E-499D-B33A-1E050B11101D}
Adware.Ghokswa, [Key] - HKLM\SOFTWARE\Everness
Adware.Ghokswa, [Key] - HKU\S-1-5-21-330345402-810464471-2490009223-1000\Software\Everness
Adware.Ghokswa, [Key] - HKCU\Software\Everness
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.solvusoft.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | Kitty
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
PUP.Optional.Solvusoft, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Solvusoft\Programs Bar\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [8024 B] - [2017/4/28 16:52:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [10044 B] - [2017/4/28 16:49:58]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Ads keep popping up

#5 Post by Rudy »

Post a new FRST log.

Kalashnikow88
Visitor
Posts: 56
Joined: 19 Jan 2016 20:47

Re: Ads keep popping up

#6 Post by Kalashnikow88 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Radek (administrator) on RADEK-PC (01-04-2018 22:38:08)
Running from C:\Users\Radek\Desktop
Loaded Profiles: Radek (Available Profiles: Radek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Viber Media S.à r.l.) C:\Users\Radek\AppData\Local\Viber\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DellAccessSystray] => C:\Program Files\Dell\Dell Data Protection\Access\DellAccessSysTray.exe [101720 2013-03-11] (Wave Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-13] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [Viber] => C:\Users\Radek\AppData\Local\Viber\Viber.exe [36126280 2018-03-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [GoogleChromeAutoLaunch_B3B6E01C1938511DBEAEB814D5F967BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d54-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d5f-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {27ee3eee-2b5c-11e7-a846-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {a4a559b3-8d96-11e7-94c0-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
Lsa: [Authentication Packages] msv1_0 wvauth
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} - C:\Users\Radek\AppData\Roaming\Gijerwardarement\Ckonagetoperght.dll -> No File <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-08-05]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A475F1B2-4784-4BFE-80D1-6C4936C7FB13}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {0E93EDD6-24A0-4BE8-99DE-5D81F1EFCFCE} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {15E39902-1F9F-4C0B-B1B8-35663B956567} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {34F19796-3429-433E-9D46-4962BBE91C6A} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {351E25E9-C8D7-407A-BF03-C87A4084C49E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {4CAC7048-BD25-4DB6-90A9-BFC2381EF856} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {5F19D1CD-7B23-4F49-B9CB-F75695558923} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {7C5AC2D9-A283-4227-9321-6DB2AE06586D} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {8331694F-F9B9-4BE7-8C83-79089BFEAD0F} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-330345402-810464471-2490009223-1000 -> {F05EFD3F-7F12-4BEF-AB78-4D352890ACE3} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91075D20161203&p={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mcafee
CHR Profile: C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-04-01] <==== ATTENTION
CHR Extension: (Tipli do prohlížeče) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2018-03-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-06]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-330345402-810464471-2490009223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-330345402-810464471-2490009223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-13] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-12] (SolidWorks) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-13] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-13] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-13] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-13] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-13] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-13] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-13] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-13] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-13] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-10] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-19] ()
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2018-04-01] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-24] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R1 QuickCryptoOTFE; C:\Windows\System32\DRIVERS\QuickCryptoOTFE-x64.sys [233648 2013-11-23] (QuickCryptoOTFE Foundation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 18:20 - 2018-04-01 18:20 - 000003137 _____ C:\Users\Radek\Desktop\AdwCleaner[C1].txt
2018-04-01 18:14 - 2018-04-01 18:14 - 000003235 _____ C:\Users\Radek\Desktop\AdwCleaner[S1].txt
2018-04-01 18:03 - 2018-04-01 18:03 - 008222496 _____ (Malwarebytes) C:\Users\Radek\Desktop\adwcleaner_7.0.8.0.exe
2018-04-01 15:20 - 2018-04-01 15:20 - 000011063 _____ C:\Users\Radek\Desktop\Addition.rar
2018-04-01 15:16 - 2018-04-01 15:18 - 000036891 _____ C:\Users\Radek\Desktop\Addition.txt
2018-04-01 15:14 - 2018-04-01 22:39 - 000023265 _____ C:\Users\Radek\Desktop\FRST.txt
2018-04-01 15:14 - 2018-04-01 22:38 - 000000000 ____D C:\FRST
2018-04-01 15:11 - 2018-04-01 15:11 - 002403328 _____ (Farbar) C:\Users\Radek\Desktop\FRST64.exe
2018-03-31 19:41 - 2018-04-01 14:51 - 000000000 ____D C:\Users\Radek\Desktop\Moninec
2018-03-30 08:16 - 2018-04-01 22:34 - 000005014 _____ C:\Windows\System32\Tasks\WSCEAA
2018-03-26 19:51 - 2018-03-26 19:51 - 000168868 _____ C:\Users\Radek\Desktop\Poptávka.pdf
2018-03-25 17:57 - 2018-03-27 22:19 - 000112128 ___SH C:\Users\Radek\Desktop\Thumbs.db
2018-03-24 19:58 - 2018-03-13 18:52 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-20 22:26 - 2018-03-20 22:26 - 000009496 _____ C:\Users\Radek\Desktop\Sešit1.xlsx
2018-03-19 22:50 - 2018-03-19 22:50 - 000137979 _____ C:\Users\Radek\Downloads\21065_pokus-sklad-2.zip
2018-03-15 18:13 - 2018-03-18 20:44 - 000000000 ____D C:\Users\Radek\AppData\Local\Viber
2018-03-13 19:15 - 2018-04-01 22:37 - 000000000 ____D C:\Users\Radek\Desktop\pleny
2018-03-11 20:39 - 2018-03-11 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikace MB
2018-03-11 20:39 - 2018-03-11 20:39 - 000000000 ____D C:\Aplikace MB
2018-03-11 20:39 - 2009-09-03 13:08 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-03-11 20:34 - 2018-03-11 20:35 - 013870398 _____ C:\Users\Radek\Downloads\skldm.zip
2018-03-11 20:32 - 2018-03-11 20:35 - 103665455 _____ C:\Users\Radek\Downloads\opencontrol-1.2.zip
2018-03-11 15:22 - 2018-03-11 15:22 - 000000000 ____D C:\Users\Radek\Downloads\SKLAD_V1.4
2018-03-11 15:04 - 2018-03-11 15:10 - 001527808 _____ C:\Users\Radek\Documents\Prodejní kanál.accdb
2018-03-11 13:53 - 2018-03-11 14:29 - 000000000 ____D C:\Program Files (x86)\Trell
2018-03-11 13:53 - 2018-03-11 14:04 - 000000000 ____D C:\Program Files\Ztrl
2018-03-11 13:53 - 2018-03-11 13:53 - 000000005 _____ C:\Program Files\trl.trl
2018-03-11 13:53 - 2018-03-11 13:53 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trell
2018-03-11 13:53 - 2018-03-11 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trell
2018-03-11 13:06 - 2018-03-11 13:06 - 000000000 ____D C:\Users\Radek\Desktop\807prodej
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Radek\.android
2018-03-11 12:57 - 2018-03-11 12:57 - 000000991 _____ C:\Users\Public\Desktop\HiSuite.lnk
2018-03-11 12:57 - 2018-03-11 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2018-03-11 12:57 - 2018-03-11 12:57 - 000000000 ____D C:\Program Files (x86)\HiSuite
2018-03-11 12:57 - 2017-07-26 09:58 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2018-03-11 12:57 - 2017-07-26 09:58 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2018-03-11 12:53 - 2018-03-11 12:53 - 000000000 ____D C:\Users\Radek\Documents\HiSuite
2018-03-11 12:52 - 2017-07-26 09:58 - 002152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2018-03-11 12:52 - 2017-07-26 09:58 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2018-03-11 12:46 - 2018-03-11 12:58 - 000000000 ____D C:\Users\Radek\AppData\Local\Hisuite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 18:31 - 2009-07-14 06:45 - 000014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 18:31 - 2009-07-14 06:45 - 000014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 18:24 - 2017-10-04 08:11 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Seznam.cz
2018-04-01 18:21 - 2017-01-12 22:28 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-01 18:21 - 2016-05-28 12:13 - 000000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-01 18:18 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 18:16 - 2017-01-05 21:46 - 000000000 ____D C:\AdwCleaner
2018-04-01 15:54 - 2016-05-31 17:12 - 000000000 ____D C:\Users\Radek\Documents\ViberDownloads
2018-03-31 20:17 - 2009-07-14 17:18 - 000668792 _____ C:\Windows\system32\perfh005.dat
2018-03-31 20:17 - 2009-07-14 17:18 - 000141420 _____ C:\Windows\system32\perfc005.dat
2018-03-31 20:17 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-31 20:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-31 18:49 - 2016-05-28 08:29 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-03-29 20:16 - 2016-12-03 18:08 - 000000000 ____D C:\Users\Radek\AppData\Roaming\ViberPC
2018-03-28 12:18 - 2017-10-04 08:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-27 22:18 - 2017-02-12 16:03 - 000556477 _____ C:\Users\Radek\Desktop\Radek Troch.pdf
2018-03-26 09:23 - 2017-03-15 22:57 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-25 17:58 - 2017-12-04 20:01 - 000000000 ____D C:\Users\Radek\Desktop\807
2018-03-25 11:06 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-25 10:21 - 2016-05-28 08:00 - 000000000 ____D C:\Users\Radek
2018-03-25 10:11 - 2016-12-30 23:17 - 000016384 ___SH C:\Users\Radek\Thumbs.db
2018-03-24 20:03 - 2016-10-08 14:03 - 000000000 ____D C:\Users\Radek\Desktop\Praotec_Cikán
2018-03-24 19:59 - 2016-12-03 18:09 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-24 19:20 - 2016-12-03 18:03 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-23 03:31 - 2017-01-10 22:41 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 03:31 - 2017-01-10 22:41 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 22:55 - 2016-05-28 12:50 - 000000000 ____D C:\Users\Radek\AppData\Local\Microsoft Help
2018-03-13 22:43 - 2017-07-23 20:50 - 000000000 ____D C:\Users\Radek\Desktop\Aktuální_foto_%3b)
2018-03-13 18:52 - 2017-11-17 21:34 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-13 18:52 - 2016-12-03 18:08 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-13 18:51 - 2017-09-23 02:58 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-13 18:51 - 2017-03-15 22:57 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-13 18:51 - 2016-12-03 18:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-11 12:56 - 2016-06-08 20:43 - 000000000 ____D C:\Users\Radek\Documents\Corel
2018-03-11 12:56 - 2016-06-08 20:43 - 000000000 ____D C:\Users\Radek\AppData\Roaming\Corel
2018-03-11 12:55 - 2016-06-08 20:39 - 000000000 ____D C:\ProgramData\Corel
2018-03-11 12:55 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-11 12:45 - 2016-05-31 17:34 - 000000000 ____D C:\ProgramData\Adobe
2018-03-11 12:44 - 2016-05-31 17:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-11 12:43 - 2016-06-06 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2018-03-11 13:53 - 2018-03-11 13:53 - 000000005 _____ () C:\Program Files\trl.trl
2017-01-06 09:59 - 2017-01-06 09:59 - 000004608 _____ () C:\Users\Radek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-10-04 20:59 - 2015-01-26 16:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\Radek\AppData\Local\Temp\AcDeltree.exe
2017-10-31 20:37 - 2018-01-15 20:35 - 000534528 _____ () C:\Users\Radek\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 11:38

==================== End of FRST.txt ============================
Attachments
Addition2.rar
(11.22 KiB) Downloaded 53 times

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Ads keep popping up

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d54-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {051c0d5f-2517-11e8-a909-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {27ee3eee-2b5c-11e7-a846-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-330345402-810464471-2490009223-1000\...\MountPoints2: {a4a559b3-8d96-11e7-94c0-d0df9ab4b015} - F:\HiSuiteDownLoader.exe
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} - C:\Users\Radek\AppData\Roaming\Gijerwardarement\Ckonagetoperght.dll -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Profile: C:\Users\Radek\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-04-01] <==== ATTENTION
C:\Users\Radek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Radek\AppData\Local\Temp
Task: {6D4212AA-7551-498E-9F04-43D47A5733FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10] (Google Inc.)
Task: {D6367B95-5278-4A71-9A21-FB009B0D4F88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10] (Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Kalashnikow88
Visitor
Posts: 56
Registered: 19 Jan 2016 20:47

Re: Ads keep popping up

#8 Post by Kalashnikow88 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Radek (03-04-2018 17:35:23) Run:1
Running from C:\Users\Radek\Desktop
Loaded Profiles: Radek (Available Profiles: Radek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses
HKLMSOFTWAREPoliciesMicrosoftWindows Defender Restriction ==== ATTENTION
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {051c0d54-2517-11e8-a909-d0df9ab4b015} - FHiSuiteDownLoader.exe
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {051c0d5f-2517-11e8-a909-d0df9ab4b015} - FHiSuiteDownLoader.exe
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {27ee3eee-2b5c-11e7-a846-d0df9ab4b015} - FHiSuiteDownLoader.exe
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {a4a559b3-8d96-11e7-94c0-d0df9ab4b015} - FHiSuiteDownLoader.exe
ShellExecuteHooks No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} - CUsersRadekAppDataRoamingGijerwardarementCkonagetoperght.dll - No File ==== ATTENTION
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page =
HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page =
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL =
SearchScopes HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin @microsoft.comGENUINE - disabled [No File]
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File]
CHR Profile CUsersRadekAppDataLocalGoogleChromeUser DataChromeDefaultData [2018-04-01] ==== ATTENTION
CUsersRadekAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CUsersRadekAppDataLocalTemp
Task {6D4212AA-7551-498E-9F04-43D47A5733FB} - System32TasksGoogleUpdateTaskMachineUA = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2017-01-10] (Google Inc.)
Task {D6367B95-5278-4A71-9A21-FB009B0D4F88} - System32TasksGoogleUpdateTaskMachineCore = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2017-01-10] (Google Inc.)

EmptyTemp
End
*****************

CloseProcesses => Error: No automatic fix found for this entry.
HKLMSOFTWAREPoliciesMicrosoftWindows Defender Restriction ==== ATTENTION => Error: No automatic fix found for this entry.
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {051c0d54-2517-11e8-a909-d0df9ab4b015} - FHiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {051c0d5f-2517-11e8-a909-d0df9ab4b015} - FHiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {27ee3eee-2b5c-11e7-a846-d0df9ab4b015} - FHiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
HKUS-1-5-21-330345402-810464471-2490009223-1000...MountPoints2 {a4a559b3-8d96-11e7-94c0-d0df9ab4b015} - FHiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
ShellExecuteHooks No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} - CUsersRadekAppDataRoamingGijerwardarementCkonagetoperght.dll - No File ==== ATTENTION => Error: No automatic fix found for this entry.
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = => Error: No automatic fix found for this entry.
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = => Error: No automatic fix found for this entry.
HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = => Error: No automatic fix found for this entry.
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page = => Error: No automatic fix found for this entry.
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = => Error: No automatic fix found for this entry.
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = => Error: No automatic fix found for this entry.
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = => Error: No automatic fix found for this entry.
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = => Error: No automatic fix found for this entry.
SearchScopes HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
FF Plugin @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
FF Plugin-x32 @microsoft.comGENUINE - disabled [No File] => Error: No automatic fix found for this entry.
CHR Profile CUsersRadekAppDataLocalGoogleChromeUser DataChromeDefaultData [2018-04-01] ==== ATTENTION => Error: No automatic fix found for this entry.
CUsersRadekAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Error: No automatic fix found for this entry.
CUsersRadekAppDataLocalTemp => Error: No automatic fix found for this entry.
Task {6D4212AA-7551-498E-9F04-43D47A5733FB} - System32TasksGoogleUpdateTaskMachineUA = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2017-01-10] (Google Inc.) => Error: No automatic fix found for this entry.
Task {D6367B95-5278-4A71-9A21-FB009B0D4F88} - System32TasksGoogleUpdateTaskMachineCore = CProgram Files (x86)GoogleUpdateGoogleUpdate.exe [2017-01-10] (Google Inc.) => Error: No automatic fix found for this entry.
EmptyTemp => Error: No automatic fix found for this entry.

==== End of Fixlog 17:35:23 ====

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Ads keep popping up

#9 Post by Rudy »

OK. Has anything changed?

Kalashnikow88
Visitor
Posts: 56
Registered: 19 Jan 2016 20:47

Re: Ads keep popping up

#10 Post by Kalashnikow88 »

It seems better. Thank you very much.

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Ads keep popping up

#11 Post by Rudy »

You're welcome! :)