Stránka 1 z 1

ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 15:43
od morlock
Dobrý den,

zkousel pročistit počítač. Adwcleaner našel nějaké hrozby ale neumí je odstarnit :frusty: . Píše, že odstraněno, ale po restartu je najde znovu. Vkládám log z RSITu a Adwcleaneru. Díky Martin


Logfile of random's system information tool 1.10 (written by random/random)
Run by Bedna at 2018-08-10 16:35:44
Microsoft Windows 10 Home
System drive C: has 93 GB (77%) free of 121 GB
Total RAM: 3960 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:49, on 10.08.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Users\Bedna\Desktop\udrzba\adwcleaner_7.2.2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\trend micro\Bedna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus17win10.msn.com/?pc=ASTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus17win10.msn.com/?pc=ASTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [AvastBrowserAutoLaunch_12ABAA830F97FF93E7FB0B813B532280] "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --onboarding-at-startup
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 2510 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHDCPSvc.exe
O23 - Service: Device Activation Service (DevActSvc) - Unknown owner - C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem14.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Unknown owner - C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9307 bytes

======Listing Processes======








winlogon.exe


c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7b1d18d8-f4aa-4da4-89de-728c8967b366 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c2a0009c-214b-457f-a0c9-95db5b9524cf -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a5a25382-988d-498c-ba0d-30b0f14ebe8d -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-38be477f-9d69-487f-94f5-a3505d6c4101 -LifetimeId:66707d19-6de0-46be-9838-2e9135be34da -DeviceGroupId:
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxCUIService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
C:/Users/Bedna/Desktop/udrzba/adwcleaner_7.2.2.exe /r
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxEM.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHDCPSvc.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer

C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
"C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe"
"C:\WINDOWS\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN29E383Z705TX;CONNECTION=USB;MONITOR=1;
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\AdwCleaner\Logs\AdwCleaner[S02].txt
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Bedna\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Bedna\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffa0a1824d0,0x7ffa0a1824e0,0x7ffa0a1824f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=748 --on-initialized-event-handle=680 --parent-handle=688 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,15022614317168464111,16653236616017268866,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=AEF504CA61AC3277C25476AF5B354A88 --mojo-platform-channel-handle=1560 --ignored=" --type=renderer " /prefetch:2
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc

c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"

C:\WINDOWS\system32\AUDIODG.EXE 0x330
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15022614317168464111,16653236616017268866,131072 --service-pipe-token=C9AA9F8C3FE6496CDB35125EBF1B5FFC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C9AA9F8C3FE6496CDB35125EBF1B5FFC --renderer-client-id=101 --mojo-platform-channel-handle=1896 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15022614317168464111,16653236616017268866,131072 --service-pipe-token=D00EBA8CEBDE0584179B0470FE05F720 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=D00EBA8CEBDE0584179B0470FE05F720 --renderer-client-id=102 --mojo-platform-channel-handle=5864 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15022614317168464111,16653236616017268866,131072 --service-pipe-token=C40E3D6C1D3FFE48EDA9230699D94D1A --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C40E3D6C1D3FFE48EDA9230699D94D1A --renderer-client-id=103 --mojo-platform-channel-handle=7116 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15022614317168464111,16653236616017268866,131072 --service-pipe-token=25C39B1A625689E3631F2A1F4ED42447 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=25C39B1A625689E3631F2A1F4ED42447 --renderer-client-id=104 --mojo-platform-channel-handle=6804 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\Bedna\Desktop\udrzba\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-06-27 242904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe [2018-04-12 20488312]
"AvastBrowserAutoLaunch_12ABAA830F97FF93E7FB0B813B532280"=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2018-07-19 1721560]

C:\Users\Bedna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 2510 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-10 16:35:44 ----D---- C:\rsit
2018-08-10 16:35:44 ----D---- C:\Program Files\trend micro
2018-08-10 16:17:58 ----D---- C:\AdwCleaner
2018-08-10 16:14:28 ----D---- C:\Program Files\CCleaner
2018-07-11 18:59:42 ----D---- C:\Program Files (x86)\AVAST Software
2018-07-11 17:56:40 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft

======List of files/folders modified in the last 1 month======

2018-08-10 16:35:48 ----D---- C:\WINDOWS\system32\drivers\etc
2018-08-10 16:35:44 ----RD---- C:\Program Files
2018-08-10 16:33:36 ----D---- C:\WINDOWS\Temp
2018-08-10 16:31:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-08-10 16:28:02 ----D---- C:\WINDOWS\System32
2018-08-10 16:28:02 ----D---- C:\WINDOWS\INF
2018-08-10 16:28:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-10 16:27:33 ----D---- C:\WINDOWS\Prefetch
2018-08-10 16:27:24 ----D---- C:\WINDOWS\SoftwareDistribution
2018-08-10 16:27:23 ----D---- C:\Windows
2018-08-10 16:23:54 ----D---- C:\WINDOWS\system32\Tasks
2018-08-10 16:23:01 ----D---- C:\WINDOWS\system32\sru
2018-08-10 16:15:37 ----DC---- C:\WINDOWS\Panther
2018-08-10 16:15:36 ----D---- C:\WINDOWS\LiveKernelReports
2018-08-10 16:15:36 ----D---- C:\WINDOWS\debug
2018-08-10 15:10:07 ----D---- C:\WINDOWS\AppReadiness
2018-08-10 06:51:42 ----HD---- C:\Program Files\WindowsApps
2018-08-08 20:37:11 ----D---- C:\WINDOWS\Logs
2018-08-08 20:36:59 ----D---- C:\WINDOWS\system32\drivers
2018-08-08 20:36:41 ----D---- C:\WINDOWS\system32\catroot2
2018-08-03 09:40:42 ----D---- C:\ProgramData\Packages
2018-07-31 20:55:54 ----D---- C:\WINDOWS\system32\SleepStudy
2018-07-28 12:37:25 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-07-24 20:13:05 ----D---- C:\WINDOWS\system32\LogFiles
2018-07-23 20:46:26 ----RD---- C:\WINDOWS\Microsoft.NET
2018-07-18 21:32:13 ----D---- C:\WINDOWS\CbsTemp
2018-07-12 18:53:14 ----D---- C:\WINDOWS\system32\config
2018-07-11 19:04:46 ----SHDC---- C:\WINDOWS\Installer
2018-07-11 18:59:42 ----RD---- C:\Program Files (x86)
2018-07-11 18:26:46 ----D---- C:\WINDOWS\WinSxS
2018-07-11 18:24:16 ----RD---- C:\WINDOWS\assembly
2018-07-11 18:18:46 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 18:18:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-07-11 17:56:40 ----D---- C:\WINDOWS\SysWOW64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-06-27 201328]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-06-27 346664]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-06-27 59592]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-06-27 85968]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-06-27 381584]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-04-12 58272]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-06-27 197160]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-06-27 229392]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-06-27 239680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-06-27 111872]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-06-27 1027728]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-07-23 467064]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2015-05-08 20096]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-06-27 159640]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-06-27 211160]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-04-12 414208]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-04-12 43520]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2016-11-14 29312]
R3 AsusPTPDrv;@oem13.inf,%AsusPTP.SvcDesc%;ASUS Touch Service; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [2016-09-01 107008]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw10x.sys [2016-11-01 4591032]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-08-26 608664]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-04-12 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 dptf_acpi;dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [2016-11-01 71232]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-11-01 66616]
R3 esif_lf;esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [2016-11-01 350272]
R3 HIDSwitch;@oem16.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsRadioControl.sys [2016-12-19 31120]
R3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
R3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igdkmd64.sys [2016-12-06 11039712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-09-23 5324808]
R3 IntcDAud;@oem1.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-11-23 822248]
R3 MEIx64;@oem4.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2016-08-10 204912]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 RSBASTOR;@oem0.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys [2016-09-02 346120]
R3 rt640x64;@oem21.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-08-01 943112]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-04-12 128416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2018-06-27 15360]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-06-27 46976]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-04-12 92056]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-06-15 1069056]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-04-12 73632]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-06-15 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2016-07-28 130744]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2016-08-26 325600]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-06-27 322464]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_279d9;CDPUserSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHDCPSvc.exe [2016-12-06 480224]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 esifsvc;@oem14.inf,%ServiceDisplayName%;ESIF Upper Framework Service; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2016-11-01 2215168]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxCUIService.exe [2016-12-06 341984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2016-11-16 176416]
R2 OneSyncSvc_279d9;OneSyncSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-06-15 761440]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-06-27 7780400]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHeciSvc.exe [2016-12-06 301536]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-20 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-11 164984]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20 153168]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-11 164984]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_279d9;BcastDVRUserService_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_279d9;BluetoothUserService_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevActSvc;Device Activation Service; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [2018-06-05 326032]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_279d9;DevicePickerUserSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_279d9;DevicesFlowUserSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-04-12 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20 153168]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\iCLS\SocketHeciServer.exe [2016-05-23 974632]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_279d9;MessagingService_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc_279d9;PimIndexMaintenanceSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_279d9;PrintWorkflowUserSvc_279d9; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]

-----------------EOF-----------------





A log z Adw cleaneru


# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-09.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-10-2018
# Duration: 00:00:21
# OS: Windows 10 Home
# Scanned: 41770
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4019c5c4-3cb3-47e6-a617-d368f50f64b3}|DhcpNameServer - "77.236.192.130"
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer - "77.236.192.130"

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1630 octets] - [10/08/2018 16:18:31]
AdwCleaner[C00].txt - [1722 octets] - [10/08/2018 16:18:43]
AdwCleaner[S01].txt - [1622 octets] - [10/08/2018 16:22:27]
AdwCleaner[C01].txt - [1770 octets] - [10/08/2018 16:22:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 16:09
od Conder
Ahoj :)

:arrow: Poprosim o obidva logy z FRST podla tohto navodu (FRST.txt a Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: V pripade, ze sa FRSTLauncher nebude dat stiahnut alebo spustit, pouzi iba samotny FRST.

:arrow: Ak sa logy nezmestia do jedneho prispevku, zabal ich do archivu RAR alebo ZIP a posli ako prilohu.

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 16:37
od morlock
Stranka s Launcherem nejde otevrit takze jenom FRST log a prilozen soubor s adidtion logem.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Bedna (administrator) on DESKTOP-3GORU88 (10-08-2018 17:30:49)
Running from C:\Users\Bedna\Desktop\udrzba
Loaded Profiles: Bedna (Available Profiles: Bedna)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHDCPSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_15a31af13552ac52\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-27] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-88834924-222117314-2506239056-1001\...\Run: [AvastBrowserAutoLaunch_12ABAA830F97FF93E7FB0B813B532280] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1721560 2018-07-19] (AVAST Software)
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\Bedna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2510 series.lnk [2018-08-10]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.2 77.236.192.130
Tcpip\..\Interfaces\{4019c5c4-3cb3-47e6-a617-d368f50f64b3}: [DhcpNameServer] 192.168.200.2 77.236.192.130

Internet Explorer:
==================
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default [2018-08-10]
CHR Extension: (Prezentace) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-20]
CHR Extension: (Dokumenty) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-20]
CHR Extension: (Disk Google) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-20]
CHR Extension: (YouTube) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-20]
CHR Extension: (Tabulky) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-20]
CHR Extension: (Avast Online Security) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\Bedna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-27] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-27] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-11] (AVAST Software)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] ()
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2215168 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\iCLS\SocketHeciServer.exe [974632 2016-05-23] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [176416 2016-11-16] (Intel Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-27] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-27] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-27] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-27] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-27] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-27] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-27] (AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4591032 2016-11-01] (Qualcomm Atheros Communications, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-11-01] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66616 2016-11-01] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-11-01] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUS)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-10 17:30 - 2018-08-10 17:30 - 000000000 ____D C:\FRST
2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\rsit
2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\Program Files\trend micro
2018-08-10 16:33 - 2018-08-10 16:33 - 002412544 _____ (Farbar) C:\Users\Bedna\Downloads\FRST64.exe
2018-08-10 16:33 - 2018-08-10 16:33 - 002412544 _____ (Farbar) C:\Users\Bedna\Downloads\FRST64 (1).exe
2018-08-10 16:30 - 2018-08-10 16:30 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64 (1).exe
2018-08-10 16:28 - 2018-08-10 16:28 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64.exe
2018-08-10 16:17 - 2018-08-10 16:18 - 000000000 ____D C:\AdwCleaner
2018-08-10 16:16 - 2018-08-10 16:16 - 000059694 _____ C:\Users\Bedna\Documents\cc_20180810_161616.reg
2018-08-10 16:16 - 2018-08-10 16:16 - 000005230 _____ C:\Users\Bedna\Documents\cc_20180810_161646.reg
2018-08-10 16:14 - 2018-08-10 16:14 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-10 16:14 - 2018-08-10 16:14 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ____D C:\Program Files\CCleaner
2018-08-10 16:13 - 2018-08-10 16:13 - 015989160 _____ (Piriform Ltd) C:\Users\Bedna\Downloads\ccsetup544.exe
2018-08-10 16:12 - 2018-08-10 17:30 - 000000000 ____D C:\Users\Bedna\Desktop\udrzba
2018-08-10 16:12 - 2018-08-10 16:12 - 007417040 _____ (Malwarebytes) C:\Users\Bedna\Downloads\adwcleaner_7.2.2.exe
2018-08-10 16:11 - 2018-08-10 16:11 - 000027136 _____ C:\Users\Bedna\Desktop\triatlonHradec2018VysledkyDeti.xls
2018-08-10 16:08 - 2018-08-10 16:08 - 000027136 _____ C:\Users\Bedna\Downloads\triatlonHradec2018VysledkyDeti.xls
2018-08-08 20:41 - 2018-08-08 20:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-88834924-222117314-2506239056-1001
2018-07-31 21:04 - 2018-07-31 21:04 - 000019161 _____ C:\Users\Bedna\Downloads\ReservationConfirmation (1).pdf
2018-07-31 19:49 - 2018-07-31 19:49 - 000400623 _____ C:\Users\Bedna\Downloads\Melzer_Kooperativa_KOL_5045433105_AK_180731_194059.pdf
2018-07-31 19:47 - 2018-07-31 19:47 - 000360989 _____ C:\Users\Bedna\Downloads\Melzer_Kooperativa_KOL_5045433105_smlouva_180731_194057.pdf
2018-07-28 13:02 - 2018-06-21 16:22 - 115080506 _____ C:\Users\Bedna\Desktop\VID_20180621_162152.mp4
2018-07-28 12:37 - 2018-07-28 12:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-07-27 20:10 - 2018-07-27 20:10 - 000042745 _____ C:\Users\Bedna\Downloads\11615522G (1).pdf
2018-07-27 20:07 - 2018-07-27 20:07 - 000042745 _____ C:\Users\Bedna\Downloads\11615522G.pdf
2018-07-18 20:57 - 2018-07-18 20:57 - 000034464 _____ C:\Users\Bedna\Downloads\F_2085211918.pdf
2018-07-16 10:44 - 2018-07-16 10:44 - 000019161 _____ C:\Users\Bedna\Downloads\ReservationConfirmation.pdf
2018-07-11 20:14 - 2018-07-11 21:09 - 000000000 ____D C:\Users\Bedna\AppData\Local\PlaceholderTileLogoFolder
2018-07-11 19:00 - 2018-07-24 20:11 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-11 19:00 - 2018-07-24 20:11 - 000002465 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-11 18:59 - 2018-07-11 18:59 - 000003512 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2018-07-11 18:59 - 2018-07-11 18:59 - 000003388 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2018-07-11 18:59 - 2018-07-11 18:59 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-07-11 17:57 - 2018-07-11 18:59 - 000000000 ____D C:\Users\Bedna\AppData\Local\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-10 17:31 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-10 17:17 - 2017-11-10 00:24 - 000000182 _____ C:\Users\Bedna\AppData\Roaming\sp_data.sys
2018-08-10 16:28 - 2018-05-20 09:44 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-10 16:28 - 2018-04-12 17:50 - 000717712 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-10 16:28 - 2018-04-12 17:50 - 000144954 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-10 16:28 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-10 16:23 - 2018-05-20 09:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-10 16:23 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-10 16:23 - 2017-11-10 00:21 - 000000000 __SHD C:\Users\Bedna\IntelGraphicsProfiles
2018-08-10 16:15 - 2018-05-18 20:44 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-10 16:15 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-10 15:50 - 2018-05-20 09:42 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-08-10 15:50 - 2018-05-20 09:42 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-08-10 15:50 - 2018-02-20 18:26 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 15:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-10 06:51 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-08 20:30 - 2018-05-20 09:42 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-03 09:40 - 2018-06-20 17:37 - 000000000 ____D C:\ProgramData\Packages
2018-07-31 20:55 - 2018-05-20 09:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-23 20:13 - 2018-02-20 18:15 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-18 21:32 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 20:14 - 2018-02-27 11:42 - 000000000 ____D C:\Users\Bedna\AppData\Local\Packages
2018-07-11 18:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 17:56 - 2018-05-20 09:32 - 000488048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 17:56 - 2018-02-26 14:35 - 000000000 ___RD C:\Users\Bedna\3D Objects
2018-07-11 17:56 - 2017-11-09 23:23 - 000000000 __RHD C:\Users\Public\AccountPictures

==================== Files in the root of some directories =======

2017-11-10 00:24 - 2018-08-10 17:17 - 000000182 _____ () C:\Users\Bedna\AppData\Roaming\sp_data.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 09:32

==================== End of FRST.txt ============================

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 19:43
od Conder
:arrow: Aky je tvoj poskytovatel pripojenia k internetu?

:arrow: Zapni obnovu systemu
  • Stlac Win+R, napis "sysdm.cpl" (bez uvodzoviek) a stlac enter
  • Klikni na kartu Ochrana systemu a potom na Konfigurovat
  • Vyber moznost Zapnut ochranu systemu a klikni na OK
:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
    HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\rsit
    2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\Program Files\trend micro
    2018-08-10 16:30 - 2018-08-10 16:30 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64 (1).exe
    2018-08-10 16:28 - 2018-08-10 16:28 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64.exe
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 20:54
od morlock
Udelal jsem vse dle navodu, vypis z fixlog je nize. Adwcleaner stale detekuje ty dve hrozby.

Internet poskytuje mistni vesnicky pepino, instaluje anteny na wifi po strechach. zrejme je zprostredkovatel. Kdo poskytuje internet jemu nevim.

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Bedna (10-08-2018 21:44:14) Run:1
Running from C:\Users\Bedna\Desktop\udrzba
Loaded Profiles: Bedna (Available Profiles: Bedna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-88834924-222117314-2506239056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\rsit
2018-08-10 16:35 - 2018-08-10 16:35 - 000000000 ____D C:\Program Files\trend micro
2018-08-10 16:30 - 2018-08-10 16:30 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64 (1).exe
2018-08-10 16:28 - 2018-08-10 16:28 - 001222144 _____ C:\Users\Bedna\Downloads\RSITx64.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-88834924-222117314-2506239056-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-88834924-222117314-2506239056-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-88834924-222117314-2506239056-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Bedna\Downloads\RSITx64 (1).exe => moved successfully
C:\Users\Bedna\Downloads\RSITx64.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24406859 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2780893 B
Edge => 13607 B
Chrome => 17319728 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Bedna => 10701285 B

RecycleBin => 0 B
EmptyTemp: => 61.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:46:04 ====

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 10 srp 2018 21:38
od Conder
Tie 2 polozky, ktore detekuje AdwCleaner, je aktualne pouzivana IP adresa DNS servera 77.236.192.130. Tato IP adresa bola automaticky nastavena/ziskana z routra (cez DHCP), takze zrejme patri poskytovatelovi internetu (ak nie je na routri nastavena tato adresa manualne). Preco ju AdwCleaner oznacil ako hrozbu neviem, ale ak funguje internet bez problemov, tak to zrejme bude len falosny poplach.

Alternativne je mozne tento DNS server nepouzivat a nastavit si na PC manualne DNS servery napr. od Google, navod napr. tu.

Pripadne sa skus opytat poskytovatela na tu IP adresu, ci patri jemu.

Inak PC vyzera podla logov cisty.

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 11 srp 2018 08:59
od morlock
Dekuji za pomoc a odpovedi. Zeptam se poskytovatele. Eventuelne sem dam jeho odpoved pro ostatni pro vzdelavaci duvody :D

Diky Marin

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 11 srp 2018 10:44
od morlock
Tak tady je slíbená odpověď od poskytovatele internetu.



Uvedená IP adresa je skutečně DNS server našeho dodavatele konektivity.
Považoval bych to za falešný poplach.
Tyto služby jsou u ISP velice sledovány, protože DNS je nejsnáze zneužitelná pro vedení útoků na další zařízení.

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 11 srp 2018 18:55
od Conder
:arrow: Super, dik za info.

:arrow: Ak uz ine problemy s PC nie su, tak este upraceme po pouzitych nastrojoch: :arrow: Skontroluj velkost plochy (C:\Users\Bedna\Desktop). Ak je vacsia ako 300 MB, presun vsetky subory a zlozky z plochy do dokumentov a na ploche nechaj iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 11 srp 2018 22:01
od morlock
Hotovo,

diky za pomoc.

S pozdravem

Martin

Re: ADWcleaner neumi odstranit dve hrozby v registrech

Napsal: 11 srp 2018 22:34
od Conder
Nie je zaco, rad som pomohol :)