
Help please - AdRedirector

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

#1 Post by geofre »

Hello,
I'm asking for help. I picked up some kind of nasty stuff somewhere.
After launching the web browser (Firefox 59.0.2), ESET Smart Security pops up a message saying that a redirect attempt was blocked - AdRedirector = connection terminated

Malwarebytes found something and moved it to quarantine. Even after that, the problem keeps recurring. ESET finds nothing.
Please check the log. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Štěpánek (administrator) on ŠTĚPÁNEK-PC (02-04-2018 13:46:31)
Running from C:\Users\Štěpánek\Desktop
Loaded Profiles: Štěpánek (Available Profiles: Štěpánek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Rhino Software, Inc. +1(262) 560-9627) C:\Program Files (x86)\Serv-U\Serv-U.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(C. Ghisler & Co.) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\Štěpánek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.96.160.7
Tcpip\..\Interfaces\{E6178E47-7FB0-436F-9DF0-A3B91DCB03C7}: [DhcpNameServer] 8.8.8.8 212.96.160.7

Internet Explorer:
==================
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Software\Microsoft\Internet Explorer\Main,Start Page = gamezona.org
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default [2018-04-02]
FF Homepage: Mozilla\Firefox\Profiles\7uynttbu.default -> hxxp://www.google.cz/
FF Extension: (Battlefield Heroes Updater) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\Extensions\battlefieldheroespatcher@ea.com [2013-12-15] [Legacy] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-12-15] [Legacy] [not signed]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\features\{a0df154d-1fb5-4e39-8c86-f8ebe9583426}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2962429489-3974925462-3520029192-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-28] ()

Chrome:
=======
CHR Profile: C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Prezentace) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-17]
CHR Extension: (Dokumenty) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-17]
CHR Extension: (Disk Google) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-17]
CHR Extension: (YouTube) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Tabulky) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-17]
CHR Extension: (Gmail) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-12-30] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-10-28] ()
R2 Serv-U; C:\Program Files (x86)\Serv-U\Serv-U.exe [611736 2012-12-13] (Rhino Software, Inc. +1(262) 560-9627)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 atillk64; D:\Programy\ati_winflash_2.6.7\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2018-04-02] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-12-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2016-03-23] ()
S3 STHFK; C:\Windows\System32\Drivers\sthfk64.sys [46288 2014-02-28] (CSR plc.)
U3 a1btuom2; C:\Windows\System32\Drivers\a1btuom2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-02 13:46 - 2018-04-02 13:46 - 000012307 _____ C:\Users\Štěpánek\Desktop\FRST.txt
2018-04-02 13:43 - 2018-04-02 13:43 - 000013372 _____ C:\Users\Štěpánek\Desktop\Addition.rar
2018-04-02 13:36 - 2018-04-02 13:36 - 000181160 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2018-04-02 13:26 - 2018-04-02 13:45 - 000112640 _____ (forum.viry.cz) C:\Users\Štěpánek\Desktop\FRSTLauncher.exe
2018-04-02 13:25 - 2018-04-02 13:46 - 000000000 ____D C:\FRST
2018-04-02 13:24 - 2018-04-02 13:24 - 002403328 _____ (Farbar) C:\Users\Štěpánek\Desktop\FRST64.exe
2018-04-02 10:08 - 2018-03-28 10:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-02 10:08 - 2018-03-28 10:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-02 10:08 - 2018-03-28 10:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-02 10:08 - 2018-03-09 05:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-02 10:08 - 2018-03-09 05:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-02 10:08 - 2018-03-09 05:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-02 10:08 - 2018-03-09 05:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-02 10:08 - 2018-03-09 05:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-02 10:08 - 2018-03-09 05:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-02 10:08 - 2018-03-09 04:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-02 10:08 - 2018-03-09 04:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-02 10:08 - 2018-03-09 04:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-02 10:08 - 2018-03-09 04:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-02 10:08 - 2018-03-09 04:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-02 10:08 - 2018-03-09 04:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-02 10:08 - 2018-03-09 04:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-02 10:08 - 2018-03-09 04:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-02 10:08 - 2018-03-09 04:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-02 10:08 - 2018-03-09 04:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-02 10:08 - 2018-03-09 04:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-02 10:08 - 2018-03-09 04:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-02 10:08 - 2018-03-09 04:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-02 10:08 - 2018-03-09 04:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-02 10:08 - 2018-03-09 04:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-02 10:08 - 2018-02-18 23:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-25 12:44 - 2018-03-25 12:44 - 000000222 _____ C:\Users\Štěpánek\Desktop\Company of Heroes.url
2018-03-21 15:42 - 2018-03-21 15:42 - 000000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-21 15:42 - 2018-03-21 15:42 - 000000947 _____ C:\Users\Public\Desktop\µTorrent.lnk
2018-03-21 15:42 - 2018-03-21 15:42 - 000000000 ____D C:\Program Files (x86)\uTorrent
2018-03-17 13:22 - 2018-03-21 15:00 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-17 13:22 - 2018-03-21 15:00 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-17 13:21 - 2018-03-17 13:21 - 001129816 _____ (Google Inc.) C:\Users\Štěpánek\Downloads\ChromeSetup.exe
2018-03-16 18:05 - 2018-02-13 20:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-16 18:05 - 2018-02-13 20:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-16 18:05 - 2018-02-13 16:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 20:25 - 2018-03-14 20:25 - 000004540 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-02 12:50 - 2016-11-19 21:39 - 000000000 ____D C:\Users\Štěpánek\AppData\LocalLow\Mozilla
2018-04-02 11:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-04-02 10:24 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-02 10:24 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-02 10:22 - 2009-07-14 17:18 - 000677774 _____ C:\Windows\system32\perfh005.dat
2018-04-02 10:22 - 2009-07-14 17:18 - 000146672 _____ C:\Windows\system32\perfc005.dat
2018-04-02 10:22 - 2009-07-14 07:13 - 001612704 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-02 10:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-02 10:16 - 2015-04-23 16:54 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-04-02 10:16 - 2014-06-10 22:02 - 000000000 ____D C:\ProgramData\Serv-U
2018-04-02 10:16 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-02 10:15 - 2017-03-01 20:35 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-31 20:46 - 2013-12-20 18:37 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-31 20:46 - 2013-12-15 13:41 - 000000000 ____D C:\Users\Štěpánek\AppData\Roaming\uTorrent
2018-03-31 18:49 - 2014-10-26 20:02 - 000007606 _____ C:\Users\Štěpánek\AppData\Local\Resmon.ResmonCfg
2018-03-28 16:27 - 2017-04-25 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 16:27 - 2013-12-07 15:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 14:07 - 2013-12-22 14:41 - 000000000 ____D C:\Users\Štěpánek\Documents\My Games
2018-03-23 20:16 - 2016-03-26 20:36 - 000000000 ____D C:\Users\Štěpánek\Desktop\slunicko
2018-03-19 20:30 - 2014-09-09 11:48 - 000000000 ____D C:\Users\Štěpánek\AppData\Local\Google
2018-03-18 11:06 - 2014-01-30 17:52 - 000000000 ____D C:\Users\Štěpánek\AppData\Local\ESET
2018-03-17 13:22 - 2014-09-09 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-16 18:07 - 2014-12-10 19:44 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 18:07 - 2013-12-07 14:46 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 18:05 - 2017-10-11 18:16 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 18:05 - 2013-12-07 14:46 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-15 20:59 - 2016-10-21 19:35 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2018-03-15 20:59 - 2016-10-21 19:35 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2018-03-15 20:59 - 2014-10-20 20:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-14 20:25 - 2013-12-15 13:06 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-14 20:25 - 2013-12-07 14:27 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-14 20:25 - 2013-12-07 14:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 20:25 - 2013-12-07 14:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-14 20:25 - 2013-12-07 14:27 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-10-26 20:02 - 2018-03-31 18:49 - 000007606 _____ () C:\Users\Štěpánek\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-10-28 14:39 - 2017-10-28 19:35 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Štěpánek\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 17:09

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.79 GB) (Free:6.55 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:488.28 GB) (Free:8.75 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:443.23 GB) (Free:4.06 GB) NTFS
Drive f: () (Fixed) (Total:37.47 GB) (Free:31.43 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:17.43 GB) NTFS
\\?\Volume{0b719d9f-5f34-11e3-b9f0-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

Available physical RAM: 5453.06 MB
Total physical RAM: 8189.24 MB
Percentage of memory in use: 33%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 8CCA5A1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 47C1E479)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F75B6B1F)
Partition 1: (Active) - (Size=488.3 GB) - (Type=06)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=0F Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Štěpánek\Desktop" je 17146 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\311~1.587\SSSCHE~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(13.06 KiB) Downloaded 51 times

Rudy
Site Admin
Site Admin
Posts: 118270
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

geofre
Visitor
Visitor
Posts: 11
Joined: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#3 Post by geofre »

Hello,
Log below:

# AdwCleaner 7.0.8.0 - Logfile created on Mon Apr 02 17:27:32 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Štěpánek\Documents\Mobogenie
Deleted: C:\Users\Štěpánek\AppData\Local\genienext
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Deleted: C:\Program Files (x86)\myfree codec


***** [ Files ] *****

Deleted: C:\Users\Štěpánek\daemonprocess.txt


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Myfree Codec
Deleted: [Key] - HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Software\Myfree Codec
Deleted: [Key] - HKCU\Software\Myfree Codec
Deleted: [Key] - HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Deleted: [Key] - HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2202 B] - [2018/4/2 17:25:59]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Site Admin
Posts: 118270
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#4 Post by Rudy »

Post a new FRST log.

geofre
Visitor
Visitor
Posts: 11
Joined: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#5 Post by geofre »

Good evening,
Log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Štěpánek (administrator) on ŠTĚPÁNEK-PC (02-04-2018 21:26:20)
Running from C:\Users\Štěpánek\Desktop
Loaded Profiles: Štěpánek (Available Profiles: Štěpánek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Rhino Software, Inc. +1(262) 560-9627) C:\Program Files (x86)\Serv-U\Serv-U.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Štěpánek\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.96.160.7
Tcpip\..\Interfaces\{E6178E47-7FB0-436F-9DF0-A3B91DCB03C7}: [DhcpNameServer] 8.8.8.8 212.96.160.7

Internet Explorer:
==================
HKU\S-1-5-21-2962429489-3974925462-3520029192-1000\Software\Microsoft\Internet Explorer\Main,Start Page = gamezona.org
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default [2018-04-02]
FF Homepage: Mozilla\Firefox\Profiles\7uynttbu.default -> hxxp://www.google.cz/
FF Extension: (Battlefield Heroes Updater) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\Extensions\battlefieldheroespatcher@ea.com [2013-12-15] [Legacy] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-12-15] [Legacy] [not signed]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Štěpánek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\features\{a0df154d-1fb5-4e39-8c86-f8ebe9583426}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2962429489-3974925462-3520029192-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-28] ()

Chrome:
=======
CHR Profile: C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Prezentace) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-17]
CHR Extension: (Dokumenty) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-17]
CHR Extension: (Disk Google) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-17]
CHR Extension: (YouTube) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Tabulky) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-17]
CHR Extension: (Gmail) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Štěpánek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-12-30] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-10-28] ()
R2 Serv-U; C:\Program Files (x86)\Serv-U\Serv-U.exe [611736 2012-12-13] (Rhino Software, Inc. +1(262) 560-9627)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 atillk64; D:\Programy\ati_winflash_2.6.7\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2018-04-02] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-12-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2016-03-23] ()
S3 STHFK; C:\Windows\System32\Drivers\sthfk64.sys [46288 2014-02-28] (CSR plc.)
U3 avculufl; C:\Windows\System32\Drivers\avculufl.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-02 19:27 - 2018-04-02 19:27 - 000002205 _____ C:\Users\Štěpánek\Desktop\AdwCleaner[S0].txt
2018-04-02 19:24 - 2018-04-02 19:27 - 000000000 ____D C:\AdwCleaner
2018-04-02 19:23 - 2018-04-02 19:23 - 008222496 _____ (Malwarebytes) C:\Users\Štěpánek\Desktop\adwcleaner_7.0.8.0.exe
2018-04-02 13:46 - 2018-04-02 21:26 - 000012054 _____ C:\Users\Štěpánek\Desktop\FRST.txt
2018-04-02 13:43 - 2018-04-02 13:48 - 000013370 _____ C:\Users\Štěpánek\Desktop\Addition.rar
2018-04-02 13:36 - 2018-04-02 13:36 - 000181160 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2018-04-02 13:26 - 2018-04-02 13:45 - 000112640 _____ (forum.viry.cz) C:\Users\Štěpánek\Desktop\FRSTLauncher.exe
2018-04-02 13:25 - 2018-04-02 21:26 - 000000000 ____D C:\FRST
2018-04-02 13:24 - 2018-04-02 13:24 - 002403328 _____ (Farbar) C:\Users\Štěpánek\Desktop\FRST64.exe
2018-04-02 10:08 - 2018-03-28 10:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-02 10:08 - 2018-03-28 10:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-02 10:08 - 2018-03-28 10:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-02 10:08 - 2018-03-09 05:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-02 10:08 - 2018-03-09 05:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-02 10:08 - 2018-03-09 05:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-02 10:08 - 2018-03-09 05:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-02 10:08 - 2018-03-09 05:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-02 10:08 - 2018-03-09 05:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-02 10:08 - 2018-03-09 04:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-02 10:08 - 2018-03-09 04:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-02 10:08 - 2018-03-09 04:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-02 10:08 - 2018-03-09 04:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-02 10:08 - 2018-03-09 04:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-02 10:08 - 2018-03-09 04:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-02 10:08 - 2018-03-09 04:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-02 10:08 - 2018-03-09 04:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-02 10:08 - 2018-03-09 04:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-02 10:08 - 2018-03-09 04:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-02 10:08 - 2018-03-09 04:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-02 10:08 - 2018-03-09 04:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-02 10:08 - 2018-03-09 04:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-02 10:08 - 2018-03-09 04:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-02 10:08 - 2018-03-09 04:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-02 10:08 - 2018-03-09 04:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-02 10:08 - 2018-03-09 04:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-02 10:08 - 2018-02-18 23:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-25 12:44 - 2018-03-25 12:44 - 000000222 _____ C:\Users\Štěpánek\Desktop\Company of Heroes.url
2018-03-21 15:42 - 2018-03-21 15:42 - 000000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-21 15:42 - 2018-03-21 15:42 - 000000947 _____ C:\Users\Public\Desktop\µTorrent.lnk
2018-03-21 15:42 - 2018-03-21 15:42 - 000000000 ____D C:\Program Files (x86)\uTorrent
2018-03-17 13:22 - 2018-03-21 15:00 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-17 13:22 - 2018-03-21 15:00 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-17 13:21 - 2018-03-17 13:21 - 001129816 _____ (Google Inc.) C:\Users\Štěpánek\Downloads\ChromeSetup.exe
2018-03-16 18:05 - 2018-02-13 20:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-16 18:05 - 2018-02-13 20:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-16 18:05 - 2018-02-13 16:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-16 18:05 - 2018-02-13 16:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 20:25 - 2018-03-14 20:25 - 000004540 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-02 21:25 - 2016-11-19 21:39 - 000000000 ____D C:\Users\Štěpánek\AppData\LocalLow\Mozilla
2018-04-02 19:36 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-02 19:36 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-02 19:33 - 2009-07-14 17:18 - 000677774 _____ C:\Windows\system32\perfh005.dat
2018-04-02 19:33 - 2009-07-14 17:18 - 000146672 _____ C:\Windows\system32\perfc005.dat
2018-04-02 19:33 - 2009-07-14 07:13 - 001612704 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-02 19:33 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-02 19:28 - 2017-03-01 20:35 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-02 19:28 - 2015-04-23 16:54 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-04-02 19:28 - 2014-06-10 22:02 - 000000000 ____D C:\ProgramData\Serv-U
2018-04-02 19:28 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-02 19:27 - 2013-12-07 13:43 - 000000000 ____D C:\Users\Štěpánek
2018-04-02 11:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-03-31 20:46 - 2013-12-20 18:37 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-31 20:46 - 2013-12-15 13:41 - 000000000 ____D C:\Users\Štěpánek\AppData\Roaming\uTorrent
2018-03-31 18:49 - 2014-10-26 20:02 - 000007606 _____ C:\Users\Štěpánek\AppData\Local\Resmon.ResmonCfg
2018-03-28 16:27 - 2017-04-25 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 16:27 - 2013-12-07 15:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 14:07 - 2013-12-22 14:41 - 000000000 ____D C:\Users\Štěpánek\Documents\My Games
2018-03-23 20:16 - 2016-03-26 20:36 - 000000000 ____D C:\Users\Štěpánek\Desktop\slunicko
2018-03-19 20:30 - 2014-09-09 11:48 - 000000000 ____D C:\Users\Štěpánek\AppData\Local\Google
2018-03-18 11:06 - 2014-01-30 17:52 - 000000000 ____D C:\Users\Štěpánek\AppData\Local\ESET
2018-03-17 13:22 - 2014-09-09 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-16 18:07 - 2014-12-10 19:44 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 18:07 - 2013-12-07 14:46 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 18:05 - 2017-10-11 18:16 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 18:05 - 2013-12-07 14:46 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-15 20:59 - 2016-10-21 19:35 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2018-03-15 20:59 - 2016-10-21 19:35 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2018-03-15 20:59 - 2014-10-20 20:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-14 20:25 - 2013-12-15 13:06 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-14 20:25 - 2013-12-07 14:27 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-14 20:25 - 2013-12-07 14:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 20:25 - 2013-12-07 14:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-14 20:25 - 2013-12-07 14:27 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-10-26 20:02 - 2018-03-31 18:49 - 000007606 _____ () C:\Users\Štěpánek\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-10-28 14:39 - 2017-10-28 19:35 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Štěpánek\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 17:09

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.79 GB) (Free:6.45 GB) NTFS
Drive d: (NovĂ˝ svazek) (Fixed) (Total:488.28 GB) (Free:8.75 GB) NTFS
Drive e: (NovĂ˝ svazek) (Fixed) (Total:443.23 GB) (Free:4.06 GB) NTFS
Drive f: () (Fixed) (Total:37.47 GB) (Free:31.43 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:17.43 GB) NTFS
\\?\Volume{0b719d9f-5f34-11e3-b9f0-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

Available physical RAM: 5918.73 MB
Total physical RAM: 8189.24 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 8CCA5A1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F75B6B1F)
Partition 1: (Active) - (Size=488.3 GB) - (Type=06)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=0F Extended)
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 47C1E479)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ćtŘp nek\Desktop" je 17154 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\311~1.587\SSSCHE~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
C:\Users\Štěpánek\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\ćtŘp nek\Desktop" je 17154 MB.
That is too much and may slow down system startup. Create a new folder in C:\Users\Štěpánek and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#7 Post by geofre »

Hello,
The log is below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Štěpánek (03-04-2018 16:18:40) Run:1
Running from C:\Users\Štěpánek\Desktop
Loaded Profiles: Štěpánek (Available Profiles: Štěpánek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
C:\Users\�t�p�nek\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\McComponentHostService" => removed successfully
McComponentHostService => service removed successfully
C:\Program Files\McAfee Security Scan => moved successfully
"C:\Users\�t�p�nek\AppData\Local\Temp" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73077826 B
Java, Flash, Steam htmlcache => 616266429 B
Windows/system/drivers => 822531021 B
Edge => 0 B
Chrome => 70119452 B
Firefox => 495894042 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43310255 B
systemprofile32 => 72742 B
LocalService => 66228 B
NetworkService => 668782 B
Štěpánek => 133905689 B

RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:18:55 ====
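
The Fixlog in post #7, triaged in code (an added example, not part of the thread and not FRST's own code): it lists every entry that was not reported as successful and tests which code-page mix-up reproduces the two garbled forms of the user name seen in this thread. The `CODECS` list is an assumption about a Czech Windows 7 (cp1250 as ANSI, cp852 as console code page); the sample lines are copied from the log above.

```python
import re

REAL_NAME = "\u0160t\u011bp\u00e1nek"    # profile name as FRST printed it: Štěpánek
IN_FIXLOG = "\ufffdt\ufffdp\ufffdnek"    # same name in the Fixlog (U+FFFD = replacement character)
IN_LAUNCHER = "\u0107t\u0158p nek"       # same name in the FRSTLauncher and JRT output

# Constructed sample: result lines copied from the Fixlog posted above.
FIXLOG = r'''
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\McComponentHostService" => removed successfully
McComponentHostService => service removed successfully
C:\Program Files\McAfee Security Scan => moved successfully
"C:\Users\<NAME>\AppData\Local\Temp" => not found
'''.replace("<NAME>", IN_FIXLOG)

RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<status>.+)$')

# Assumption: code pages typical for a Czech Windows 7 (UTF-8, ANSI, console/OEM).
CODECS = ("utf-8", "cp1250", "cp852")


def parse_results(text):
    """Return (target, status) for every 'target => status' line."""
    results = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results.append((m.group("target"), m.group("status")))
    return results


def failed_entries(text):
    """Entries not reported as successful, with a reason for the reviewer."""
    findings = []
    for target, status in parse_results(text):
        if status.endswith("successfully"):
            continue
        if "\ufffd" in target:
            reason = "path contains U+FFFD: non-ASCII characters were lost before the fix ran"
        else:
            reason = "target did not exist"
        findings.append((target, status, reason))
    return findings


def explain_garbling(original, observed):
    """Return (written_as, read_as) codec pairs that turn `original` into `observed`."""
    pairs = []
    for written in CODECS:
        try:
            raw = original.encode(written)
        except UnicodeEncodeError:
            continue
        for read in CODECS:
            if read == written:
                continue
            # A no-break space (0xA0 in cp1250) is shown as a plain space in the log.
            decoded = raw.decode(read, errors="replace").replace("\xa0", " ")
            if decoded == observed:
                pairs.append((written, read))
    return pairs


if __name__ == "__main__":
    for target, status, reason in failed_entries(FIXLOG):
        print(f"{status}: {target!r} ({reason})")
    print("Fixlog name:  ", explain_garbling(REAL_NAME, IN_FIXLOG))
    print("Launcher name:", explain_garbling(REAL_NAME, IN_LAUNCHER))
```

Under these assumptions every pair that reproduces the Fixlog name has UTF-8 on the reading side, so fixlist.txt reached the tool in a single-byte code page and the `not found` line reflects a mangled path rather than a missing Temp folder. The FRSTLauncher and JRT form of the name matches console (cp852) output displayed as cp1250.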

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#8 Post by Rudy »

Deleted. Has anything changed?

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#9 Post by geofre »

Hello,
After yesterday's run of ADWCleaner it looked fine; that is, the antivirus window announcing the block stopped popping up, so things were quiet.
After today's step with Notepad and a PC restart, a message popped up as soon as I started Firefox, saying that a connection attempt was blocked: AdRedirector and JS/Redirector.NDR trojan
A screenshot of the antivirus pop-up window is attached.
Attachments
adredirector2.jpg (41.47 KiB)

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#10 Post by Rudy »

Let's try cleaning the browsers. Run these utilities one after the other:

1. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/ .
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup is created and then the scan starts
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

and

2. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce in the Czech interface)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#11 Post by geofre »

The problem persists
Zoek v5.0.0.2 has been running for some 45 min and cannot be terminated + some PEVZ.EXE *32 is running in the process list and eating 25% of my CPU

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by ćtŘp nek (Administrator) on Łt 03.04.2018 at 18:44:20,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\ćtŘp nek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5ZYVSXT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ćtŘp nek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWSLWBZT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ćtŘp nek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPWSYQC9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ćtŘp nek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M05JF4DK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5ZYVSXT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWSLWBZT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPWSYQC9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M05JF4DK (Temporary Internet Files Folder)

Deleted the following from C:\Users\ćtŘp nek\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\prefs.js
user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 03.04.2018 at 18:45:57,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---
Zoek v5.0.0.2 has been running for some 45 min and cannot be terminated + some PEVZ.EXE *32 is running in the process list and eating 25% of my CPU
zoek-results.log gave me this:


Zoek.exe v5.0.0.2 Updated 29-March-2018(online version)
Tool run by ćtŘp nek on Łt 03.04.2018 at 18:46:59,00.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TPNEK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.4.2018 18:48:05 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\TPNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.cz/");

Added to C:\Users\TPNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\TPNEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uynttbu.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Last edited by geofre on 03 Apr 2018 18:59, edited 1 time in total.

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#12 Post by Rudy »

Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#13 Post by geofre »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 03.04.18
Čas skenování: 19:55
Logovací soubor: 2ec3da90-3768-11e8-80e6-50e5495f2b2a.json
Správce: Ano

-Informace o softwaru-
Verze: 3.4.5.2467
Verze komponentů: 1.0.342
Aktualizovat verzi balíku komponent: 1.0.4600
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: \u00c5\u00a0t\u00c4\u009bp\u00c3\u00a1nek-PC\\u00c5\u00a0t\u00c4\u009bp\u00c3\u00a1nek

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 275467
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 min, 46 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help - AdRedirector

#14 Post by Rudy »

The log is OK. In that case it is purely the antivirus's message that it blocked that communication. There is nothing on your PC.

geofre
Visitor
Posts: 11
Registered: 02 Apr 2018 12:21

Re: Please help - AdRedirector

#15 Post by geofre »

Hello,
Strange that the blocks kept popping up even on trouble-free sites such as seznam.cz, idnes.cz, or right here on forum.viry.cz.

In any case, thank you very much for your willingness to help :idea:

Locked