Please check my log

jajsemhonzik
Visitor
Posts: 14
Registered: 15 Feb 2014 11:33

#1 Post by jajsemhonzik »

Please check my log. The PC is extremely slow, a lot of applications crash, and even Windows as a whole crashes.
The log is from safe mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by admin (administrator) on E130-1 (05-05-2018 15:21:27)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ghisler Software GmbH) C:\Program Files\Total_CMD\TOTALCMD64.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [1010784 2012-08-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [564320 2012-08-13] (Lenovo Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2950456 2012-10-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4267784 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\admin\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [icq] => C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [Dropbox Update] => C:\Users\admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [DoUSBC120] => C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe [110592 2011-10-06] (Grain Media, Inc.) <==== ATTENTION
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\MountPoints2: {cd481d36-f3ed-11e7-803b-84a6c8a94d08} - "D:\dlusb_launcherC120.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1263D2F0-6501-4E35-9CCB-D6E624B0475F}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{F1AD31C3-019C-41FD-9E73-206B93866F0A}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKU\S-1-5-21-736925393-32956484-3246383293-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-736925393-32956484-3246383293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {2DF0B86C-122F-4496-A785-EFE9B3E4600A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {33F9CBF5-35F3-412B-8AB5-CA68F4D7E81C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {4D27816B-AEF9-4569-8FB0-4CA6AE51ABF2} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {5A50FCE8-E568-4C85-A91B-E7BD025917DF} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {7B717EA5-A003-4CFD-A3A9-C0A9B946DC27} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={948B22DD-3FD1-42C0-B561-DA1D4B3AEE25}&mid=0c6b0b7ec7e247d29d70d9d747d1633a-dd53ade549d18eb4c64b805618243655e25a774c&lang=en&ds=sc011&coid=avgtbdissc&cmpid=&pr=sa&d=2014-05-02 11:56:48&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {95BFC9E7-A066-4B46-9187-58280AB03E59} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {CC3E3C79-05F7-4AD1-800C-3F34A4EA9ED2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {D662B72E-B19D-48EE-9BEF-5A64C9C5D13A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8} URL = hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=rbox&toolbarid=base&u=9443e5c000000000000086a6c8a94d05&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {FBB57CC0-8630-4093-B3E5-1CCD3A737A7E} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-08-31] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-08-31] (AuthenTec Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: (PDF Architect 2 Creator) - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-15] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-10-20] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2012-08-31] (AuthenTec, Inc)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-05-05]
CHR Extension: (Prezentace) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-05]
CHR Extension: (Dokumenty) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-05]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-05]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-05]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-05-05]
CHR Extension: (Tabulky) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-05]
CHR HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
S2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [47368 2012-07-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [222304 2012-08-13] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [457824 2012-08-20] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [458336 2012-08-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21928 2012-08-16] ()
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 TrueService; "C:\Program Files\Common Files\AuthenTec\TrueService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [29208 2014-08-12] ()
S1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
S0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 MbmUsbSerial; C:\WINDOWS\System32\Drivers\MbmUsbSerial.sys [72704 2012-07-04] (Ericsson AB)
R3 MkBusFilter; C:\WINDOWS\System32\drivers\MbmDeviceFilter.sys [25600 2012-06-08] (Ericsson AB)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [922968 2016-10-12] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-02] (Synaptics Incorporated)
S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [33856 2011-06-16] (Lenovo Group Limited)
S3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-05 15:21 - 2018-05-05 15:22 - 000019491 _____ C:\Users\admin\Desktop\FRST.txt
2018-05-05 15:20 - 2018-05-05 15:21 - 000000000 ____D C:\FRST
2018-05-05 15:20 - 2018-05-05 15:20 - 000000000 ____D C:\Users\admin\Desktop\zachrana
2018-05-05 15:20 - 2018-05-05 15:14 - 002405376 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-05-05 15:04 - 2018-05-05 15:04 - 000000000 __SHD C:\found.003
2018-05-05 14:49 - 2018-05-05 14:49 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-05-05 13:58 - 2018-05-05 13:58 - 002405376 _____ (Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
2018-05-05 13:57 - 2018-05-05 13:58 - 002405376 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2018-05-05 13:42 - 2018-05-05 13:42 - 000112640 _____ (forum.viry.cz) C:\Users\admin\Downloads\4a10af8e-a405-47b9-a41e-354010654514.tmp
2018-05-05 13:35 - 2018-05-05 13:35 - 000000000 ____D C:\Users\admin\AppData\Local\Google
2018-05-05 13:23 - 2018-05-05 13:23 - 000000000 _____ C:\Recovery.txt
2018-05-05 13:17 - 2018-05-05 13:17 - 000286440 _____ C:\WINDOWS\Minidump\050518-16640-01.dmp
2018-05-05 13:16 - 2018-05-05 13:16 - 000290192 _____ C:\WINDOWS\Minidump\050518-16484-01.dmp
2018-05-05 12:41 - 2018-05-05 12:41 - 000288760 _____ C:\WINDOWS\Minidump\050518-29984-01.dmp
2018-05-05 12:01 - 2018-05-05 12:01 - 000289632 _____ C:\WINDOWS\Minidump\050518-133906-01.dmp
2018-05-03 19:42 - 2018-05-03 19:42 - 000000000 __SHD C:\found.002
2018-05-03 19:24 - 2018-05-03 19:24 - 000290192 _____ C:\WINDOWS\Minidump\050318-18921-01.dmp
2018-05-03 18:24 - 2018-05-03 18:24 - 000000000 __SHD C:\found.001
2018-05-02 22:31 - 2018-05-02 22:31 - 000290192 _____ C:\WINDOWS\Minidump\050218-19781-01.dmp
2018-05-02 20:57 - 2018-05-02 20:58 - 000290136 _____ C:\WINDOWS\Minidump\050218-22703-01.dmp
2018-05-02 20:50 - 2018-05-02 20:50 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-05-02 20:08 - 2018-05-02 20:08 - 000290192 _____ C:\WINDOWS\Minidump\050218-33656-01.dmp
2018-05-02 19:27 - 2018-05-02 19:27 - 000000000 ____D C:\ProgramData\TrueSuite
2018-05-02 19:26 - 2018-05-02 19:26 - 000290192 _____ C:\WINDOWS\Minidump\050218-31234-01.dmp
2018-05-02 18:54 - 2018-05-02 18:54 - 000290192 _____ C:\WINDOWS\Minidump\050218-31140-01.dmp
2018-05-02 18:10 - 2018-05-02 18:10 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-05-02 18:09 - 2018-05-02 18:10 - 000290192 _____ C:\WINDOWS\Minidump\050218-120390-01.dmp
2018-05-02 17:43 - 2018-05-02 17:43 - 000289272 _____ C:\WINDOWS\Minidump\050218-127703-01.dmp
2018-05-02 17:20 - 2018-05-02 17:20 - 000000000 __SHD C:\found.000
2018-05-01 22:57 - 2018-05-01 22:57 - 000290224 _____ C:\WINDOWS\Minidump\050118-132812-01.dmp
2018-05-01 21:52 - 2018-05-01 21:53 - 000286840 _____ C:\WINDOWS\Minidump\050118-28390-01.dmp
2018-05-01 21:21 - 2018-05-01 21:21 - 000286696 _____ C:\WINDOWS\Minidump\050118-24671-01.dmp
2018-05-01 20:45 - 2018-05-01 20:46 - 000290240 _____ C:\WINDOWS\Minidump\050118-134734-01.dmp
2018-04-26 23:07 - 2018-04-26 23:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc-BackupByVLCPortable
2018-04-19 19:33 - 2018-04-19 19:34 - 000290120 _____ C:\WINDOWS\Minidump\041918-160875-01.dmp
2018-04-18 19:33 - 2018-04-18 19:33 - 000290240 _____ C:\WINDOWS\Minidump\041818-132609-01.dmp
2018-04-11 18:26 - 2018-03-23 15:50 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-04-11 18:26 - 2018-03-23 01:00 - 025742336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-11 18:26 - 2018-03-22 23:26 - 020287488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-11 18:26 - 2018-03-22 23:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-11 18:26 - 2018-03-22 23:15 - 005780480 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-11 18:26 - 2018-03-22 23:06 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-11 18:26 - 2018-03-22 22:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-11 18:26 - 2018-03-22 22:42 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-11 18:26 - 2018-03-22 22:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 015282688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-11 18:26 - 2018-03-22 22:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-11 18:26 - 2018-03-22 22:27 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-11 18:26 - 2018-03-22 22:21 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-11 18:26 - 2018-03-22 22:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-11 18:26 - 2018-03-22 22:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-11 18:26 - 2018-03-22 22:14 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-11 18:26 - 2018-03-22 22:04 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-11 18:26 - 2018-03-22 21:55 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-11 18:26 - 2018-03-22 21:53 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-11 18:26 - 2018-03-22 21:52 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-11 18:26 - 2018-03-22 21:51 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-11 18:26 - 2018-03-10 19:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-11 18:26 - 2018-03-10 02:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-11 18:26 - 2018-03-10 02:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-11 18:26 - 2018-03-09 23:20 - 007405392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-11 18:26 - 2018-03-09 23:20 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-11 18:26 - 2018-03-09 23:20 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-11 18:26 - 2018-03-09 23:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-11 18:26 - 2018-03-09 21:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-11 18:26 - 2018-03-09 16:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-11 18:26 - 2018-03-08 20:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-04-11 18:26 - 2018-03-08 20:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-04-11 18:26 - 2018-03-08 16:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-11 18:26 - 2018-03-08 01:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-11 18:26 - 2018-03-08 01:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-11 18:26 - 2018-03-07 21:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-11 18:26 - 2018-03-07 20:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-11 18:26 - 2018-03-03 19:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-11 18:26 - 2018-03-03 19:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-11 18:26 - 2018-02-10 03:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-11 18:26 - 2018-02-10 03:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-11 18:26 - 2018-02-09 19:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-11 18:26 - 2018-02-09 19:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-11 18:26 - 2018-02-08 20:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-11 18:26 - 2018-02-08 20:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-11 18:26 - 2018-02-08 20:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-11 18:26 - 2018-02-08 20:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-11 18:26 - 2018-02-08 19:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-11 18:26 - 2018-02-08 19:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-11 18:26 - 2018-02-08 19:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-11 18:26 - 2018-02-08 19:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-11 18:26 - 2018-02-08 19:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-11 18:26 - 2018-02-08 19:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-11 18:26 - 2018-02-08 19:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-11 18:26 - 2018-02-08 19:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-11 18:26 - 2018-02-08 19:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-11 18:26 - 2018-01-25 16:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-11 18:26 - 2018-01-25 16:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-11 18:24 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-11 18:24 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-11 18:24 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-05 15:20 - 2014-09-24 18:23 - 000005426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-05 15:20 - 2014-09-24 17:39 - 000732608 _____ C:\WINDOWS\system32\perfh005.dat
2018-05-05 15:20 - 2014-09-24 17:39 - 000149518 _____ C:\WINDOWS\system32\perfc005.dat
2018-05-05 15:20 - 2013-06-26 21:21 - 000000000 ____D C:\Users\admin\AppData\Local\GHISLER
2018-05-05 14:48 - 2014-10-20 11:54 - 001841860 _____ C:\WINDOWS\ntbtlog.txt
2018-05-05 14:43 - 2015-08-29 14:25 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e255bd4c6ddf.job
2018-05-05 14:43 - 2013-06-26 19:18 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-05-05 14:42 - 2016-02-02 18:30 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd7f79d79c.job
2018-05-05 14:42 - 2015-05-17 14:18 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0909ba687ea90.job
2018-05-05 14:42 - 2014-05-28 09:57 - 000000388 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2018-05-05 14:42 - 2014-05-28 09:57 - 000000388 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2018-05-05 14:42 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-05 14:37 - 2012-12-08 04:39 - 000000000 ____D C:\Users\admin\AppData\LocalLow\AuthenTec
2018-05-05 14:30 - 2013-10-01 09:26 - 001129984 ___SH C:\Users\admin\Desktop\Thumbs.db
2018-05-05 14:30 - 2013-06-26 19:18 - 000000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-05-05 14:01 - 2017-12-10 21:43 - 343742297 _____ C:\WINDOWS\MEMORY.DMP
2018-05-05 13:59 - 2012-10-26 13:35 - 004020617 _____ C:\ProgramData\MH_ErrorLog.txt
2018-05-05 13:57 - 2013-11-13 15:54 - 000000000 ___RD C:\Users\admin\Dropbox
2018-05-05 13:49 - 2014-11-05 13:16 - 000000000 ____D C:\Users\admin
2018-05-05 13:38 - 2013-10-18 14:01 - 000000000 ____D C:\Users\admin\AppData\Roaming\Seznam.cz
2018-05-05 13:21 - 2015-06-28 20:16 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-736925393-32956484-3246383293-1001UA.job
2018-05-05 13:17 - 2017-12-10 21:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-02 17:57 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-01 21:08 - 2016-05-11 18:31 - 000003050 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba28685bd79
2018-04-27 07:29 - 2012-12-07 23:43 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-736925393-32956484-3246383293-1001
2018-04-27 00:33 - 2013-06-26 19:19 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 00:33 - 2013-06-26 19:19 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-23 21:25 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-17 21:12 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-04-17 20:52 - 2018-02-20 19:41 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-17 20:51 - 2013-08-22 16:44 - 000521696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-17 20:45 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-11 19:56 - 2013-09-28 15:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-11 19:51 - 2013-07-18 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 19:41 - 2017-10-12 21:29 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 19:41 - 2012-12-16 20:36 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-11 19:41 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 19:34 - 2012-07-26 07:26 - 000000167 _____ C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2012-12-08 04:40 - 2012-12-12 15:52 - 000001524 _____ () C:\Users\admin\AppData\Roaming\AbsoluteReminder.xml
2013-07-08 23:39 - 2015-06-07 20:41 - 000012288 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe


Some files in TEMP:
====================
2018-01-11 18:48 - 2011-07-25 11:30 - 000434176 _____ () C:\Users\admin\AppData\Local\Temp\awiscale.dll
2018-01-11 18:48 - 2011-09-15 14:08 - 000147456 _____ () C:\Users\admin\AppData\Local\Temp\DLCapAPI.dll
2018-01-11 18:48 - 2011-10-06 04:28 - 000110592 _____ (Grain Media, Inc.) C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe
2018-05-02 17:59 - 2018-05-02 17:59 - 000000000 _____ () C:\Users\admin\AppData\Local\Temp\x5nvllvu.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-03 19:35

==================== End of FRST.txt ============================
Attachments
Addition.zip
(9.94 KiB) Downloaded 46 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
:arrow: If you don't use it, I recommend uninstalling Seznam Software (Seznam Listicka).
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jajsemhonzik
Visitor
Posts: 14
Registered: 15 Feb 2014 11:33

Re: Please check my log

#3 Post by jajsemhonzik »

Cleaning log below, scan log attached.

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-06-2018
# Duration: 00:00:05
# OS: Windows 8.1
# Cleaned: 52
# Failed: 0


***** [ Services ] *****

Deleted vToolbarUpdater18.1.9

***** [ Folders ] *****

Deleted C:\ProgramData\AVG_UPDATE_0814TB
Deleted C:\Program Files (x86)\AVG Security Toolbar
Deleted C:\ProgramData\AVG Secure Search
Deleted C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted C:\ProgramData\AVG SafeGuard toolbar
Deleted C:\Program Files (x86)\AVG SafeGuard toolbar
Deleted C:\Users\admin\AppData\Local\AVG SafeGuard toolbar
Deleted C:\Users\admin\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\AVG-SECURE-SEARCH-UPDATE_0414C_RMV.JOB
Deleted C:\Windows\Tasks\AVG-SECURE-SEARCH-UPDATE_0414C_REL.JOB
Deleted C:\Windows\System32\Tasks\AVG-SECURE-SEARCH-UPDATE_0414C_RMV
Deleted C:\Windows\System32\Tasks\AVG-SECURE-SEARCH-UPDATE_0414C_REL

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4AD5BF-3635-4CEA-B071-DF9EFE4AB2E0}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rmv
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{282A83D3-F54C-429F-AD06-5C052A1CAD16}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rel
Deleted HKLM\Software\Wow6432Node\AVG Security Toolbar
Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\Classes\protocols\handler\viprotocol
Deleted HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Deleted HKLM\Software\Wow6432Node\Classes\AppID\ViProtocol.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Deleted HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKCU\Software\Classes\pokki
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Attachments
AdwCleaner[S00].zip
(1.56 KiB) Downloaded 57 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#4 Post by Conder »

:arrow: Please post new FRST logs (both).

:arrow: Can the PC also be started in normal mode?

jajsemhonzik
Visitor
Posts: 14
Registered: 15 Feb 2014 11:33

Re: Please check my log

#5 Post by jajsemhonzik »

It does start in normal mode, but it is practically impossible to do anything in it. After loading, it shows an hourglass instead of the cursor and gradually throws messages about various applications and processes crashing.

New log below:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by admin (administrator) on E130-1 (08-05-2018 11:59:11)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [1010784 2012-08-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [564320 2012-08-13] (Lenovo Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2950456 2012-10-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4267784 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\admin\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [icq] => C:\Users\admin\AppData\Roaming\ICQM\icq.exe -CU
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [Dropbox Update] => C:\Users\admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\Run: [DoUSBC120] => C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe [110592 2011-10-06] (Grain Media, Inc.) <==== ATTENTION
HKU\S-1-5-21-736925393-32956484-3246383293-1001\...\MountPoints2: {cd481d36-f3ed-11e7-803b-84a6c8a94d08} - "D:\dlusb_launcherC120.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{1263D2F0-6501-4E35-9CCB-D6E624B0475F}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{F1AD31C3-019C-41FD-9E73-206B93866F0A}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKU\S-1-5-21-736925393-32956484-3246383293-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-736925393-32956484-3246383293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {2DF0B86C-122F-4496-A785-EFE9B3E4600A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {33F9CBF5-35F3-412B-8AB5-CA68F4D7E81C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {4D27816B-AEF9-4569-8FB0-4CA6AE51ABF2} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {5A50FCE8-E568-4C85-A91B-E7BD025917DF} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {7B717EA5-A003-4CFD-A3A9-C0A9B946DC27} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={948B22DD-3FD1-42C0-B561-DA1D4B3AEE25}&mid=0c6b0b7ec7e247d29d70d9d747d1633a-dd53ade549d18eb4c64b805618243655e25a774c&lang=en&ds=sc011&coid=avgtbdissc&cmpid=&pr=sa&d=2014-05-02 11:56:48&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {95BFC9E7-A066-4B46-9187-58280AB03E59} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {CC3E3C79-05F7-4AD1-800C-3F34A4EA9ED2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {D662B72E-B19D-48EE-9BEF-5A64C9C5D13A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8} URL = hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=rbox&toolbarid=base&u=9443e5c000000000000086a6c8a94d05&q={searchTerms}
SearchScopes: HKU\S-1-5-21-736925393-32956484-3246383293-1001 -> {FBB57CC0-8630-4093-B3E5-1CCD3A737A7E} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-08-31] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-08-31] (AuthenTec Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: (PDF Architect 2 Creator) - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-15] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-10-20] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2012-08-31] (AuthenTec, Inc)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-05-05]
CHR Extension: (Prezentace) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-05]
CHR Extension: (Dokumenty) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-05]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-05]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-05]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-05-05]
CHR Extension: (Tabulky) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-05]
CHR HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
S2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [47368 2012-07-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [222304 2012-08-13] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [457824 2012-08-20] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [458336 2012-08-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21928 2012-08-16] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 IconMan_R; "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [29208 2014-08-12] ()
S1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
S1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
S0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 MbmUsbSerial; C:\WINDOWS\System32\Drivers\MbmUsbSerial.sys [72704 2012-07-04] (Ericsson AB)
R3 MkBusFilter; C:\WINDOWS\System32\drivers\MbmDeviceFilter.sys [25600 2012-06-08] (Ericsson AB)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [922968 2016-10-12] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-02] (Synaptics Incorporated)
S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [33856 2011-06-16] (Lenovo Group Limited)
S3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 21:52 - 2018-05-07 21:52 - 000290136 _____ C:\WINDOWS\Minidump\050718-18406-01.dmp
2018-05-06 22:58 - 2018-05-06 22:58 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-05-06 13:14 - 2018-05-06 13:14 - 000000000 __SHD C:\found.004
2018-05-06 12:40 - 2018-05-06 12:40 - 000000000 ____D C:\AdwCleaner
2018-05-06 12:40 - 2018-05-06 12:07 - 007271632 _____ (Malwarebytes) C:\Users\admin\Desktop\adwcleaner_7.1.1.exe
2018-05-06 12:33 - 2018-05-06 12:33 - 000286872 _____ C:\WINDOWS\Minidump\050618-19031-01.dmp
2018-05-05 15:22 - 2018-05-05 15:23 - 000044435 _____ C:\Users\admin\Desktop\Addition.txt
2018-05-05 15:21 - 2018-05-08 11:59 - 000019120 _____ C:\Users\admin\Desktop\FRST.txt
2018-05-05 15:20 - 2018-05-08 11:59 - 000000000 ____D C:\FRST
2018-05-05 15:20 - 2018-05-05 15:20 - 000000000 ____D C:\Users\admin\Desktop\zachrana
2018-05-05 15:20 - 2018-05-05 15:14 - 002405376 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-05-05 15:04 - 2018-05-05 15:04 - 000000000 __SHD C:\found.003
2018-05-05 14:49 - 2018-05-05 14:49 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-05-05 13:58 - 2018-05-05 13:58 - 002405376 _____ (Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
2018-05-05 13:57 - 2018-05-05 13:58 - 002405376 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2018-05-05 13:42 - 2018-05-05 13:42 - 000112640 _____ (forum.viry.cz) C:\Users\admin\Downloads\4a10af8e-a405-47b9-a41e-354010654514.tmp
2018-05-05 13:35 - 2018-05-05 13:35 - 000000000 ____D C:\Users\admin\AppData\Local\Google
2018-05-05 13:23 - 2018-05-05 13:23 - 000000000 _____ C:\Recovery.txt
2018-05-05 13:17 - 2018-05-05 13:17 - 000286440 _____ C:\WINDOWS\Minidump\050518-16640-01.dmp
2018-05-05 13:16 - 2018-05-05 13:16 - 000290192 _____ C:\WINDOWS\Minidump\050518-16484-01.dmp
2018-05-05 12:41 - 2018-05-05 12:41 - 000288760 _____ C:\WINDOWS\Minidump\050518-29984-01.dmp
2018-05-05 12:01 - 2018-05-05 12:01 - 000289632 _____ C:\WINDOWS\Minidump\050518-133906-01.dmp
2018-05-03 19:42 - 2018-05-03 19:42 - 000000000 __SHD C:\found.002
2018-05-03 19:24 - 2018-05-03 19:24 - 000290192 _____ C:\WINDOWS\Minidump\050318-18921-01.dmp
2018-05-03 18:24 - 2018-05-03 18:24 - 000000000 __SHD C:\found.001
2018-05-02 22:31 - 2018-05-02 22:31 - 000290192 _____ C:\WINDOWS\Minidump\050218-19781-01.dmp
2018-05-02 20:57 - 2018-05-02 20:58 - 000290136 _____ C:\WINDOWS\Minidump\050218-22703-01.dmp
2018-05-02 20:50 - 2018-05-02 20:50 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-05-02 20:08 - 2018-05-02 20:08 - 000290192 _____ C:\WINDOWS\Minidump\050218-33656-01.dmp
2018-05-02 19:27 - 2018-05-02 19:27 - 000000000 ____D C:\ProgramData\TrueSuite
2018-05-02 19:26 - 2018-05-02 19:26 - 000290192 _____ C:\WINDOWS\Minidump\050218-31234-01.dmp
2018-05-02 18:54 - 2018-05-02 18:54 - 000290192 _____ C:\WINDOWS\Minidump\050218-31140-01.dmp
2018-05-02 18:10 - 2018-05-02 18:10 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-05-02 18:09 - 2018-05-02 18:10 - 000290192 _____ C:\WINDOWS\Minidump\050218-120390-01.dmp
2018-05-02 17:43 - 2018-05-02 17:43 - 000289272 _____ C:\WINDOWS\Minidump\050218-127703-01.dmp
2018-05-02 17:20 - 2018-05-02 17:20 - 000000000 __SHD C:\found.000
2018-05-01 22:57 - 2018-05-01 22:57 - 000290224 _____ C:\WINDOWS\Minidump\050118-132812-01.dmp
2018-05-01 21:52 - 2018-05-01 21:53 - 000286840 _____ C:\WINDOWS\Minidump\050118-28390-01.dmp
2018-05-01 21:21 - 2018-05-01 21:21 - 000286696 _____ C:\WINDOWS\Minidump\050118-24671-01.dmp
2018-05-01 20:45 - 2018-05-01 20:46 - 000290240 _____ C:\WINDOWS\Minidump\050118-134734-01.dmp
2018-04-26 23:07 - 2018-04-26 23:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc-BackupByVLCPortable
2018-04-19 19:33 - 2018-04-19 19:34 - 000290120 _____ C:\WINDOWS\Minidump\041918-160875-01.dmp
2018-04-18 19:33 - 2018-04-18 19:33 - 000290240 _____ C:\WINDOWS\Minidump\041818-132609-01.dmp
2018-04-11 18:26 - 2018-03-23 15:50 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-04-11 18:26 - 2018-03-23 01:00 - 025742336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-11 18:26 - 2018-03-22 23:26 - 020287488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-11 18:26 - 2018-03-22 23:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-11 18:26 - 2018-03-22 23:15 - 005780480 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-11 18:26 - 2018-03-22 23:06 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-11 18:26 - 2018-03-22 22:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-11 18:26 - 2018-03-22 22:42 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-11 18:26 - 2018-03-22 22:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 015282688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-11 18:26 - 2018-03-22 22:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-11 18:26 - 2018-03-22 22:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-11 18:26 - 2018-03-22 22:27 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-11 18:26 - 2018-03-22 22:21 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-11 18:26 - 2018-03-22 22:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-11 18:26 - 2018-03-22 22:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-11 18:26 - 2018-03-22 22:15 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-11 18:26 - 2018-03-22 22:14 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-11 18:26 - 2018-03-22 22:04 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-11 18:26 - 2018-03-22 21:55 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-11 18:26 - 2018-03-22 21:53 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-11 18:26 - 2018-03-22 21:52 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-11 18:26 - 2018-03-22 21:51 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-11 18:26 - 2018-03-10 19:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-11 18:26 - 2018-03-10 02:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-11 18:26 - 2018-03-10 02:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-11 18:26 - 2018-03-09 23:20 - 007405392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-11 18:26 - 2018-03-09 23:20 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-11 18:26 - 2018-03-09 23:20 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-11 18:26 - 2018-03-09 23:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-11 18:26 - 2018-03-09 23:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-11 18:26 - 2018-03-09 21:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-11 18:26 - 2018-03-09 16:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-11 18:26 - 2018-03-09 16:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-11 18:26 - 2018-03-08 20:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-04-11 18:26 - 2018-03-08 20:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-04-11 18:26 - 2018-03-08 16:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-11 18:26 - 2018-03-08 01:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-11 18:26 - 2018-03-08 01:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-11 18:26 - 2018-03-07 21:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-11 18:26 - 2018-03-07 20:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-11 18:26 - 2018-03-03 19:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-11 18:26 - 2018-03-03 19:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-11 18:26 - 2018-02-10 03:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-11 18:26 - 2018-02-10 03:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-11 18:26 - 2018-02-09 19:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-11 18:26 - 2018-02-09 19:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-11 18:26 - 2018-02-08 20:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-11 18:26 - 2018-02-08 20:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-11 18:26 - 2018-02-08 20:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-11 18:26 - 2018-02-08 20:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-11 18:26 - 2018-02-08 19:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-11 18:26 - 2018-02-08 19:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-11 18:26 - 2018-02-08 19:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-11 18:26 - 2018-02-08 19:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-11 18:26 - 2018-02-08 19:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-11 18:26 - 2018-02-08 19:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-11 18:26 - 2018-02-08 19:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-11 18:26 - 2018-02-08 19:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-11 18:26 - 2018-02-08 19:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-11 18:26 - 2018-01-25 16:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-11 18:26 - 2018-01-25 16:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-11 18:24 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-11 18:24 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-11 18:24 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-11 18:24 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-08 11:58 - 2014-10-20 11:54 - 002624346 _____ C:\WINDOWS\ntbtlog.txt
2018-05-07 22:15 - 2016-02-02 18:30 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd7f79d79c.job
2018-05-07 22:15 - 2015-08-29 14:25 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e255bd4c6ddf.job
2018-05-07 22:15 - 2015-05-17 14:18 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0909ba687ea90.job
2018-05-07 22:15 - 2014-11-05 13:16 - 000000000 ____D C:\Users\admin
2018-05-07 22:15 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-07 22:15 - 2013-06-26 19:18 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-05-07 21:52 - 2017-12-10 21:43 - 599577059 _____ C:\WINDOWS\MEMORY.DMP
2018-05-07 21:45 - 2012-10-26 13:35 - 004043091 _____ C:\ProgramData\MH_ErrorLog.txt
2018-05-06 23:36 - 2013-11-13 15:54 - 000000000 ___RD C:\Users\admin\Dropbox
2018-05-06 23:35 - 2013-10-18 14:01 - 000000000 ____D C:\Users\admin\AppData\Roaming\Seznam.cz
2018-05-06 23:34 - 2013-06-26 19:18 - 000000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-05-06 23:21 - 2015-06-28 20:16 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-736925393-32956484-3246383293-1001UA.job
2018-05-06 22:55 - 2012-12-08 04:39 - 000000000 ____D C:\Users\admin\AppData\LocalLow\AuthenTec
2018-05-06 22:51 - 2014-09-24 18:23 - 000005426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-06 22:51 - 2014-09-24 17:39 - 000734228 _____ C:\WINDOWS\system32\perfh005.dat
2018-05-06 22:51 - 2014-09-24 17:39 - 000150078 _____ C:\WINDOWS\system32\perfc005.dat
2018-05-05 15:20 - 2013-06-26 21:21 - 000000000 ____D C:\Users\admin\AppData\Local\GHISLER
2018-05-05 14:30 - 2013-10-01 09:26 - 001129984 ___SH C:\Users\admin\Desktop\Thumbs.db
2018-05-05 13:17 - 2017-12-10 21:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-02 17:57 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-01 21:08 - 2016-05-11 18:31 - 000003050 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1aba28685bd79
2018-04-27 07:29 - 2012-12-07 23:43 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-736925393-32956484-3246383293-1001
2018-04-27 00:33 - 2013-06-26 19:19 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 00:33 - 2013-06-26 19:19 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-23 21:25 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-17 21:12 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-04-17 20:52 - 2018-02-20 19:41 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-17 20:51 - 2013-08-22 16:44 - 000521696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-17 20:45 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-11 19:56 - 2013-09-28 15:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-11 19:51 - 2013-07-18 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 19:41 - 2017-10-12 21:29 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 19:41 - 2012-12-16 20:36 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-11 19:41 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 19:34 - 2012-07-26 07:26 - 000000167 _____ C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2012-12-08 04:40 - 2012-12-12 15:52 - 000001524 _____ () C:\Users\admin\AppData\Roaming\AbsoluteReminder.xml
2013-07-08 23:39 - 2015-06-07 20:41 - 000012288 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe


Some files in TEMP:
====================
2018-01-11 18:48 - 2011-07-25 11:30 - 000434176 _____ () C:\Users\admin\AppData\Local\Temp\awiscale.dll
2018-01-11 18:48 - 2011-09-15 14:08 - 000147456 _____ () C:\Users\admin\AppData\Local\Temp\DLCapAPI.dll
2018-01-11 18:48 - 2011-10-06 04:28 - 000110592 _____ (Grain Media, Inc.) C:\Users\admin\AppData\Local\Temp\dlusb_launcherC120.exe
2018-05-02 17:59 - 2018-05-02 17:59 - 000000000 _____ () C:\Users\admin\AppData\Local\Temp\x5nvllvu.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-03 19:35

==================== End of FRST.txt ============================
Attachments
Addition.zip
(10.15 KiB) Downloaded 59 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#6 Post by Conder »

OK, start the PC in Safe Mode with Networking and proceed as follows:

Run a full scan in MBAM
  • Download and install Malwarebytes (MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Ignore the trial version
  • Open MBAM and click "Scan" on the left
  • Click "Custom Scan" and then "Configure Scan" (Set up scan)
  • On the right, select all drives in the PC, and on the left, tick the "Scan for rootkits" option
  • Click Scan Now and wait for it to finish
  • When it finishes, click Export Summary -> Text File, enter a file name and save it to the desktop
  • Copy the contents of that file here
  • Illustrated guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

jajsemhonzik
Visitor
Posts: 14
Joined: 15 Feb 2014 11:33

Re: Please check my log

#7 Post by jajsemhonzik »

I don't know whether I exported the data correctly, but in any case I put what it found to be malicious into quarantine (screenshot attached).

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 08.05.18
Čas skenování: 15:39
Logovací soubor: 4a83be76-52c5-11e8-bca6-089e01358ac9.json
Správce: Ano

-Informace o softwaru-
Verze: 3.4.5.2467
Verze komponentů: 1.0.342
Aktualizovat verzi balíku komponent: 1.0.5016
Licence: Bezplatný

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: E130-1\admin

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 369294
Zjištěné hrozby: 7
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 hod, 3 min, 22 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 1
PUP.Optional.Tuvaro, HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8}, Žádná uživatelská akce, [356], [244277],1.0.5016

Hodnota v registru: 4
PUP.Optional.Tuvaro, HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8}|DISPLAYNAME, Žádná uživatelská akce, [356], [244277],1.0.5016
PUP.Optional.Tuvaro, HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8}|URL, Žádná uživatelská akce, [356], [244277],1.0.5016
PUP.Optional.Tuvaro, HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8}|OSDFILEURL, Žádná uživatelská akce, [356], [244277],1.0.5016
PUP.Optional.Tuvaro, HKU\S-1-5-21-736925393-32956484-3246383293-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FA2BEAB7-E831-4D61-82D7-7AE3F875B0A8}|FAVICONURL, Žádná uživatelská akce, [356], [244277],1.0.5016

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 2
PUP.Optional.OpenCandy, C:\USERS\ADMIN\APPDATA\ROAMING\REAL\UPDATE\UPGRADEHELPER\REALPLAYER\10.40\AGENT\STUB_DATA\STUBINST_PKG_EN-EU.CAB, Žádná uživatelská akce, [1022], [297667],1.0.5016
RiskWare.Agent, C:\USERS\ADMIN\DESKTOP\_ADELKA\SOFTWARE\ESET SMART SECURITY A ESET NOD32 ANTIVIRUS 5.0.94.0 CZ (X86,X64BIT) COMPLET\3) TNODUP 1.4.1 FINAL\TNOD USER & PASSWORD FINDER\UNINST-TNOD.EXE, Žádná uživatelská akce, [3830], [352776],1.0.5016

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)
Attachments
karantena.zip
(109.34 KiB) Downloaded 46 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#8 Post by Conder »

OK, export the MBAM log once more (via the Reports option on the left, in Czech probably Zpravy) and send it in your next reply.

Please send new FRST logs.