PC disinfection, computer speed-up, remote help via the neslape.cz service

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Infected notebook

#1 Post by Mankind »

Hello, I "inherited" an old notebook from my brother, but knowing him, he is rather careless about which websites he visits, and occasionally he even clicks on something in an e-mail. The notebook is surely infected; windows and ads pop up on the internet now and then without me doing anything. It is also terribly slow.

So I would like to ask you for help with disinfecting it. Thank you very much.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Morčátka at 2018-09-14 12:59:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 21 GB (28%) free of 76 GB
Total RAM: 1527 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:50, on 14.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19130)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Morčátka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Morčátka\Desktop\RSIT.exe
C:\Program Files\trend micro\Morčátka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.gmx.com/start?src=p_jkld ... &p_w=y1w20
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Morčátka\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Morčátka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [McAfeeSafeConnect] C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

--
End of file - 6836 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default

prefs.js - "browser.startup.homepage" - "moz-extension://e57f1734-2c2e-4605-8da2-91537ecef4f3/dynamicHomePage.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 31.0.0.108 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-25 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-25 150552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-03 1791272]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 287800]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-08-31 242392]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2018-03-27 1069296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-11-30 3280728]
"cz.seznam.software.autoupdate"=C:\Users\Morčátka\AppData\Roaming\Seznam.cz\szninstall.exe [2018-03-27 1069296]
"cz.seznam.software.szndesktop"=C:\Users\Morčátka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]
"McAfeeSafeConnect"=C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe []
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner.exe [2018-09-10 13797712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-06 217600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-09-14 12:59:26 ----D---- C:\Program Files\trend micro
2018-09-14 12:59:25 ----D---- C:\rsit
2018-09-13 14:47:26 ----A---- C:\Windows\system32\mtxoci.dll
2018-09-13 14:47:25 ----A---- C:\Windows\system32\msorcl32.dll
2018-09-13 14:46:45 ----A---- C:\Windows\system32\webio.dll
2018-09-13 14:46:41 ----A---- C:\Windows\system32\shimeng.dll
2018-09-13 14:46:41 ----A---- C:\Windows\system32\sdbinst.exe
2018-09-13 14:46:41 ----A---- C:\Windows\system32\apphelp.dll
2018-09-13 14:46:41 ----A---- C:\Windows\system32\aelupsvc.dll
2018-09-13 14:46:37 ----A---- C:\Windows\system32\InkEd.dll
2018-09-13 14:46:34 ----A---- C:\Windows\explorer.exe
2018-09-13 14:46:25 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2018-09-13 14:46:21 ----A---- C:\Windows\system32\drivers\disk.sys
2018-09-13 14:43:08 ----A---- C:\Windows\system32\drivers\tpm.sys
2018-09-13 14:43:04 ----A---- C:\Windows\system32\tbs.dll
2018-09-13 14:43:04 ----A---- C:\Windows\system32\fveapibase.dll
2018-09-13 14:43:04 ----A---- C:\Windows\system32\fveapi.dll
2018-09-12 21:22:37 ----A---- C:\Windows\system32\mshtml.dll
2018-09-12 21:22:32 ----A---- C:\Windows\system32\jscript9.dll
2018-09-12 21:22:30 ----A---- C:\Windows\system32\shell32.dll
2018-09-12 21:22:28 ----A---- C:\Windows\system32\urlmon.dll
2018-09-12 21:22:28 ----A---- C:\Windows\system32\msxml6.dll
2018-09-12 21:22:27 ----A---- C:\Windows\system32\msxml3.dll
2018-09-12 21:22:27 ----A---- C:\Windows\system32\drivers\ks.sys
2018-09-12 21:22:26 ----A---- C:\Windows\system32\ntdll.dll
2018-09-12 21:22:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-09-12 21:22:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2018-09-12 21:22:25 ----A---- C:\Windows\system32\msjet40.dll
2018-09-12 21:22:24 ----A---- C:\Windows\system32\schedsvc.dll
2018-09-12 21:22:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-09-12 21:22:24 ----A---- C:\Windows\system32\msexcl40.dll
2018-09-12 21:22:24 ----A---- C:\Windows\system32\iedkcs32.dll
2018-09-12 21:22:24 ----A---- C:\Windows\system32\gdi32.dll
2018-09-12 21:22:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-09-12 21:22:23 ----A---- C:\Windows\system32\halmacpi.dll
2018-09-12 21:22:23 ----A---- C:\Windows\system32\hal.dll
2018-09-12 21:22:23 ----A---- C:\Windows\system32\drivers\netio.sys
2018-09-12 21:22:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-09-12 21:22:23 ----A---- C:\Windows\system32\drivers\bowser.sys
2018-09-12 21:22:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2018-09-12 21:22:22 ----A---- C:\Windows\system32\t2embed.dll
2018-09-12 21:22:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 21:22:22 ----A---- C:\Windows\system32\mf3216.dll
2018-09-12 21:22:22 ----A---- C:\Windows\system32\jscript.dll
2018-09-12 21:22:22 ----A---- C:\Windows\system32\halacpi.dll
2018-09-12 21:22:22 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-09-12 21:22:22 ----A---- C:\Windows\system32\atmfd.dll
2018-09-12 21:22:21 ----A---- C:\Windows\system32\rstrui.exe
2018-09-12 21:22:21 ----A---- C:\Windows\system32\drivers\mpsdrv.sys
2018-09-12 21:22:21 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-09-12 21:22:20 ----A---- C:\Windows\system32\wdigest.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\TSpkg.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\srcore.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\schannel.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\rpcrt4.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\lsasrv.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\kerberos.dll
2018-09-12 21:22:20 ----A---- C:\Windows\system32\advapi32.dll
2018-09-12 21:22:19 ----A---- C:\Windows\system32\smss.exe
2018-09-12 21:22:19 ----A---- C:\Windows\system32\rpchttp.dll
2018-09-12 21:22:19 ----A---- C:\Windows\system32\msv1_0.dll
2018-09-12 21:22:18 ----A---- C:\Windows\system32\ncrypt.dll
2018-09-12 21:22:18 ----A---- C:\Windows\system32\drivers\processr.sys
2018-09-12 21:22:18 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-09-12 21:22:18 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-09-12 21:22:17 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-09-12 21:22:16 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-09-12 21:22:16 ----A---- C:\Windows\system32\drivers\viac7.sys
2018-09-12 21:22:16 ----A---- C:\Windows\system32\csrsrv.dll
2018-09-12 21:22:16 ----A---- C:\Windows\system32\auditpol.exe
2018-09-12 21:22:16 ----A---- C:\Windows\system32\appidsvc.dll
2018-09-12 21:22:16 ----A---- C:\Windows\system32\appidapi.dll
2018-09-12 21:22:15 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-09-12 21:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-09-12 21:22:14 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-09-12 21:22:14 ----A---- C:\Windows\system32\apisetschema.dll
2018-09-12 21:22:13 ----A---- C:\Windows\system32\wininet.dll
2018-09-12 21:22:13 ----A---- C:\Windows\system32\ieframe.dll
2018-09-12 21:22:11 ----A---- C:\Windows\system32\sspicli.dll
2018-09-12 21:22:11 ----A---- C:\Windows\system32\srclient.dll
2018-09-12 21:22:11 ----A---- C:\Windows\system32\lsass.exe
2018-09-12 21:22:11 ----A---- C:\Windows\system32\iertutil.dll
2018-09-12 21:22:11 ----A---- C:\Windows\system32\bcrypt.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\vbscript.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\sspisrv.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\secur32.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\msfeeds.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\drivers\appid.sys
2018-09-12 21:22:10 ----A---- C:\Windows\system32\cryptbase.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\credssp.dll
2018-09-12 21:22:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 21:22:09 ----A---- C:\Windows\system32\msobjs.dll
2018-09-12 21:22:09 ----A---- C:\Windows\system32\msaudite.dll
2018-09-12 21:22:09 ----A---- C:\Windows\system32\ieapfltr.dll
2018-09-12 21:22:08 ----A---- C:\Windows\system32\ieui.dll
2018-09-12 21:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 21:22:08 ----A---- C:\Windows\system32\adtschema.dll
2018-09-12 21:22:07 ----A---- C:\Windows\system32\webcheck.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\occache.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\msrating.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\mshtmled.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\jsproxy.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\jscript9diag.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\dxtrans.dll
2018-09-12 21:22:05 ----A---- C:\Windows\system32\dxtmsft.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\MPSSVC.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\inseng.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\ieUnatt.exe
2018-09-12 21:22:04 ----A---- C:\Windows\system32\iesetup.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\iernonce.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-09-12 21:22:04 ----A---- C:\Windows\system32\ie4uinit.exe
2018-09-12 21:22:04 ----A---- C:\Windows\system32\icfupgd.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\fontsub.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\FirewallAPI.dll
2018-09-12 21:22:04 ----A---- C:\Windows\system32\ExplorerFrame.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\wfapigp.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\netevent.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\msimg32.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\lpk.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\dciman32.dll
2018-09-12 21:22:03 ----A---- C:\Windows\system32\atmlib.dll
2018-09-12 21:22:02 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 21:22:01 ----A---- C:\Windows\system32\msxml6r.dll
2018-09-12 21:22:01 ----A---- C:\Windows\system32\msxml3r.dll
2018-09-05 10:01:47 ----SHD---- C:\found.000
2018-08-31 15:13:21 ----A---- C:\Windows\system32\aswBoot.exe
2018-08-15 16:29:06 ----D---- C:\Program Files\Google
2018-08-15 16:01:19 ----D---- C:\Users\Morčátka\AppData\Roaming\Opera Software
2018-08-15 07:52:00 ----A---- C:\Windows\system32\cscdll.dll
2018-08-15 07:52:00 ----A---- C:\Windows\system32\cscapi.dll
2018-08-15 07:51:54 ----A---- C:\Windows\system32\msi.dll
2018-08-15 07:51:51 ----A---- C:\Windows\system32\win32k.sys
2018-08-15 07:51:51 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-08-15 07:51:50 ----A---- C:\Windows\system32\msiexec.exe
2018-08-15 07:51:50 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-08-15 07:51:47 ----A---- C:\Windows\system32\hlink.dll
2018-08-15 07:51:47 ----A---- C:\Windows\system32\consent.exe
2018-08-15 07:51:28 ----A---- C:\Windows\system32\msihnd.dll
2018-08-15 07:51:28 ----A---- C:\Windows\system32\authui.dll
2018-08-15 07:51:27 ----A---- C:\Windows\system32\tzres.dll
2018-08-15 07:51:27 ----A---- C:\Windows\system32\appinfo.dll
2018-08-15 07:51:26 ----A---- C:\Windows\system32\msimsg.dll

======List of files/folders modified in the last 1 month======

2018-09-14 12:59:38 ----D---- C:\Windows\system32\drivers\etc
2018-09-14 12:59:26 ----RD---- C:\Program Files
2018-09-14 12:57:08 ----D---- C:\Windows\Temp
2018-09-14 12:45:23 ----D---- C:\Users\Morčátka\AppData\Roaming\uTorrent
2018-09-14 11:49:21 ----D---- C:\Windows\system32\config
2018-09-14 11:28:08 ----D---- C:\Users\Morčátka\AppData\Roaming\Seznam.cz
2018-09-14 05:21:52 ----SHD---- C:\System Volume Information
2018-09-14 04:24:22 ----D---- C:\Windows\winsxs
2018-09-14 04:22:56 ----D---- C:\Windows\System32
2018-09-14 04:22:56 ----D---- C:\Windows\inf
2018-09-14 04:22:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-14 03:42:02 ----D---- C:\Windows\Logs
2018-09-14 03:37:22 ----D---- C:\Windows\system32\wbem
2018-09-14 03:37:22 ----D---- C:\Windows\system32\drivers\cs-CZ
2018-09-14 03:37:22 ----D---- C:\Windows\system32\drivers
2018-09-14 03:37:22 ----D---- C:\Windows\AppPatch
2018-09-14 03:37:22 ----D---- C:\Windows
2018-09-14 03:37:21 ----D---- C:\Windows\system32\DriverStore
2018-09-14 03:31:20 ----D---- C:\Windows\Microsoft.NET
2018-09-14 03:18:09 ----SHD---- C:\Windows\Installer
2018-09-14 03:18:09 ----SHD---- C:\Config.Msi
2018-09-13 14:41:38 ----D---- C:\Windows\system32\catroot2
2018-09-13 03:30:36 ----D---- C:\Windows\Prefetch
2018-09-13 03:26:21 ----D---- C:\Windows\system32\en-US
2018-09-13 03:26:21 ----D---- C:\Windows\system32\cs-CZ
2018-09-13 03:26:21 ----D---- C:\Program Files\Internet Explorer
2018-09-13 03:06:08 ----D---- C:\Windows\system32\MRT
2018-09-13 03:01:51 ----AC---- C:\Windows\system32\MRT.exe
2018-09-12 22:49:45 ----D---- C:\Škola
2018-09-12 21:48:19 ----D---- C:\Users\Morčátka\AppData\Roaming\vlc
2018-09-12 21:25:08 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-09-12 21:25:02 ----D---- C:\Windows\system32\Macromed
2018-09-11 11:47:56 ----D---- C:\Program Files\CCleaner
2018-09-10 15:01:37 ----D---- C:\Windows\system32\Tasks
2018-08-16 12:16:43 ----D---- C:\Windows\rescache
2018-08-16 08:57:04 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2018-08-31 164944]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2018-08-31 284320]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2018-08-31 57968]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-08-31 73264]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-08-31 311328]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-24 27968]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 173288]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-08-31 167552]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2018-08-31 188336]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-08-31 196008]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-08-31 101056]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-08-31 784112]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-09-04 396536]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-09-11 135376]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-09-12 165928]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-24 37696]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2010-03-02 482176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-12-27 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2015-12-27 40504]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-25 15872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-06 4786688]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 rismc32;RICOH Smart Card Reader; C:\Windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
R3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-03 1303728]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 123328]
S3 aftap0901;AnchorFree TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\aftap0901.sys [2018-03-06 45528]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2018-02-10 52928]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-08-31 42808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 94208]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 MEI;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\HECI.sys [2010-10-19 41088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2018-02-10 51904]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 24064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-10-02 26880]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2018-02-10 52928]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\drivers\viac7.sys [2018-08-10 53248]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-08-31 322464]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-24 27968]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2018-08-31 6488376]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-11-30 1082200]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S2 avast;Služba %1!s! Update (avast); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-24 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-03-26 107592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12 335872]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-24 164984]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-08-23 104960]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2018-03-26 47200]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.10 2018-09-14 12:59:57

======MBR======


======Uninstall list======

Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Flash Player 31 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_ActiveX.exe -maintain activex
Adobe Flash Player 31 NPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe -maintain plugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824272646}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
Avast Secure Browser-->"C:\Program Files\AVAST Software\Browser\AvastBrowserUninstall.exe" /run_source=cp
Avast Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Canon MP250 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Hidden & Dangerous 2-->"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\unins000.exe"
HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0405 -removeonly uninst
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /lcid 1029
Microsoft .NET Framework 4.7.2-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.7.03062\\Setup.exe /repair /x86
Microsoft .NET Framework 4.7.2-->MsiExec.exe /X{10C4E843-C226-3FDF-9DD6-F4E3275E734D}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Mozilla Firefox 59.0.2 (x86 en-US)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
Ruská - rozložení jako latinka (0.9.1)-->MsiExec.exe /I{6109059C-2784-4546-A353-7100A6882DF4}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 4.7.2 (KB4087364)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.7.03062\setup.exe /uninstallpatch {C9478574-9346-3179-AB95-E059024BEE8C}
VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR 5.21 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Morčátka-PC
Event Code: 7036
Message: Stav služby Adobe Flash Player Update Service byl změněn na: Spuštěno
Record Number: 63083
Source Name: Service Control Manager
Time Written: 20180509080201.133780-000
Event Type: Informace
User:

Computer Name: Morčátka-PC
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Spuštěno
Record Number: 63082
Source Name: Service Control Manager
Time Written: 20180509075911.491077-000
Event Type: Informace
User:

Computer Name: Morčátka-PC
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Zastaveno
Record Number: 63081
Source Name: Service Control Manager
Time Written: 20180509075518.636758-000
Event Type: Informace
User:

Computer Name: Morčátka-PC
Event Code: 7036
Message: Stav služby Ochrana softwaru byl změněn na: Zastaveno
Record Number: 63080
Source Name: Service Control Manager
Time Written: 20180509075507.171103-000
Event Type: Informace
User:

Computer Name: Morčátka-PC
Event Code: 36881
Message: Certifikátu přijatému ze vzdáleného serveru vypršela platnost. Požadavek na připojení SSL nebyl úspěšný. Připojená data obsahují certifikát serveru.
Record Number: 63079
Source Name: Schannel
Time Written: 20180509075504.863971-000
Event Type: Chyba
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: WIN-DCPTNE1D487
Event Code: 6001
Message: Odběrateli oznámení přihlašování do systému Windows <GPClient> se nezdařilo provést událost oznámení.
Record Number: 2032
Source Name: Microsoft-Windows-Winlogon
Time Written: 20151203141453.000000-000
Event Type: Upozornění
User:

Computer Name: WIN-DCPTNE1D487
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <GPClient> nemohl zpracovat událost upozornění.
Record Number: 2031
Source Name: Microsoft-Windows-Winlogon
Time Written: 20151203141453.000000-000
Event Type: Upozornění
User:

Computer Name: WIN-DCPTNE1D487
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 2030
Source Name: Microsoft-Windows-Search
Time Written: 20151203141451.000000-000
Event Type: Informace
User:

Computer Name: WIN-DCPTNE1D487
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 2029
Source Name: Microsoft-Windows-Search
Time Written: 20151203141450.000000-000
Event Type: Informace
User:

Computer Name: WIN-DCPTNE1D487
Event Code: 103
Message: Windows (2800) Windows: Databázový stroj zastavil instanci (0).
Record Number: 2028
Source Name: ESENT
Time Written: 20151203141450.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Morčátka-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160810065959.990827-000
Event Type: Úspěšný audit
User:

Computer Name: Morčátka-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MORCATKA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x220
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 12911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160810065959.990827-000
Event Type: Úspěšný audit
User:

Computer Name: Morčátka-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160810065959.928427-000
Event Type: Úspěšný audit
User:

Computer Name: Morčátka-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MORCATKA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x220
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 12909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160810065959.928427-000
Event Type: Úspěšný audit
User:

Computer Name: Morčátka-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Oprávnění: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 12908
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160810065959.772426-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Residence: Bratislava

Re: Infected notebook

#2 Post by Conder »

Hi :)

:arrow: If you don't use it, I recommend uninstalling Seznam Software (Seznam Listicka).

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (Show log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own thread.

If you are satisfied, you can support the forum. Thank you!

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#3 Post by Mankind »

I have uninstalled Seznam Software.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-14-2018
# Duration: 00:00:13
# OS: Windows 7 Home Premium
# Cleaned: 7
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Conduit
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted PDFConverterHQ

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1706 octets] - [14/09/2018 16:48:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Residence: Bratislava

Re: Infected notebook

#4 Post by Conder »

:arrow: Please post both FRST logs according to this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=154679

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#5 Post by Mankind »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09.09.2018
Ran by Morčátka (14-09-2018 19:47:37)
Running from C:\Users\Morčátka\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-12-23 10:46:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2091886149-3345506598-3230958532-500 - Administrator - Disabled)
Guest (S-1-5-21-2091886149-3345506598-3230958532-501 - Limited - Disabled)
Morčátka (S-1-5-21-2091886149-3345506598-3230958532-1000 - Administrator - Enabled) => C:\Users\Morčátka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Hidden & Dangerous 2 (HKLM\...\H&D2_is1) (Version: - )
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Ruská - rozložení jako latinka (0.9.1) (HKLM\...\{6109059C-2784-4546-A353-7100A6882DF4}) (Version: 1.0.3.40 - Đonny)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-06] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C2AF8F5-65EF-4CDC-8FA5-CD4B17C4FFE8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {44B4DF5F-A94E-42CF-82D2-841C70A836DB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5375C30A-DD91-4396-84EC-6A81E458B5BA} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-24] (AVAST Software)
Task: {663613DE-9860-4AE3-B0C1-75E05697180D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {73BC9E1E-5965-4B88-BCE6-446BE567AF1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {90C82C94-DB71-4C2F-BF4D-38AF36361031} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {954F068F-A8F3-40EB-96E6-6518AC14D102} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {BD8EF0D8-0CE0-4C56-826F-631BF4A96756} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-24] (AVAST Software)
Task: {C912A1E4-35ED-41EC-A085-E9E9884FE44C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-12] (AVAST Software)
Task: {E7DD0B58-7422-4D9B-8622-30633712EA72} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EB7DDAD5-23EF-4CDD-9ADC-88596EB70E7A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-31] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-31 15:09 - 2018-08-31 15:09 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-14 11:27 - 2018-09-14 11:27 - 005693584 _____ () C:\Program Files\AVAST Software\Avast\defs\18091400\algo.dll
2018-08-31 15:11 - 2018-08-31 15:11 - 000896216 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-08-31 15:09 - 2018-08-31 15:09 - 000541400 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-08-31 15:08 - 2018-08-31 15:08 - 000151768 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-08-31 15:09 - 2018-08-31 15:09 - 000986840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-05-06 13:17 - 2018-05-06 13:17 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-08 21:25 - 2018-09-10 13:22 - 000085320 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-09-14 12:59 - 000000836 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Morčátka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A755098D-1AD3-4747-A4E0-1A82A38A2CC0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DC890540-CBF3-4CAD-9961-1CE5D1FA1137}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3ABCDB58-945D-4932-B267-7C72B6711519}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{44BD5AE5-6612-499F-8B62-D21476B8CDE4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{7E704653-0BC3-431A-A1CF-DB98D7A7D0E9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{87EE35CA-7ECA-486E-8257-2D186434A9E5}C:\users\morčátka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\morčátka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{FA59DAA7-29BA-421D-8371-E579AF50FDB1}C:\users\morčátka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\morčátka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8732D9BF-F7D3-4860-BF99-7ECCAC3CFCE1}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0D9CC20B-55CC-4C74-9A0E-055BFA7406A8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{FA69BBDF-4842-4ECF-906F-3D80AAA288B6}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{85FDED3B-1C8F-4BE2-A714-7F1AF09C8FCC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{DD4E1007-AD74-46D5-A4FF-D8555029FA0D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{59FAF966-1B0A-4B3D-BEE4-553EF6EA8D67}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{31B5FFEF-45C0-4530-A121-12FF87CFE062}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

14-09-2018 05:21:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2018 04:52:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/14/2018 11:23:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/14/2018 04:05:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/14/2018 03:41:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2018 11:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2018 07:41:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2018 03:30:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/12/2018 08:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/14/2018 04:49:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 04:49:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Andrea ADI Filters Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 04:49:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 04:49:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba hpqwmiex byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 04:49:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Com4QLBEx byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 04:49:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/14/2018 11:28:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update přestala během spouštění reagovat.

Error: (09/14/2018 05:23:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073712): 2018-05, kumulativní aktualizace zabezpečení a pro zvýšení kvality pro rozhraní .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 v systému Windows 7 (KB4099633).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 75%
Total physical RAM: 1527.3 MB
Available physical RAM: 371.88 MB
Total Virtual: 3054.61 MB
Available Virtual: 1726.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.19 GB) (Free:20.73 GB) NTFS

\\?\Volume{a9a7efff-99c3-11e5-b699-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: DDBE299C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#6 Post by Mankind »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09.09.2018
Ran by Morčátka (administrator) on MORCATKA-PC (14-09-2018 19:45:24)
Running from C:\Users\Morčátka\Desktop
Loaded Profiles: Morčátka (Available Profiles: Morčátka)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-31] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3280728 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {0d75640d-ac0f-11e5-8513-00218677914a} - E:\autorun.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {2db6eb48-d869-11e5-9efa-00218677914a} - E:\HTC_Sync_Manager_PC.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{55EEBD30-B6B6-4ACE-ACDE-893B46ACD84E}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{B920318B-F747-4672-AF1D-9F01BEC4C991}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2091886149-3345506598-3230958532-1000 -> {EBE84FE9-674C-4B34-9499-A9C3F0DE3E3E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: y8gmatwl.default
FF ProfilePath: C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default [2018-09-14]
FF Homepage: Mozilla\Firefox\Profiles\y8gmatwl.default -> moz-extension://e57f1734-2c2e-4605-8da2-91537ecef4f3/dynamicHomePage.html
FF HomepageOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Seznam doplněk - Esko) - C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-09-06]
FF Extension: (Avast Online Security) - C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\Extensions\wrc@avast.com.xpi [2018-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6488376 2018-08-31] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-31] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-24] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082200 2015-11-30] (Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-03-06] (The OpenVPN Project)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-08-31] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188336 2018-08-31] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-08-31] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284320 2018-08-31] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57968 2018-08-31] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [196008 2018-08-31] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135376 2018-09-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73264 2018-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-08-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [396536 2018-09-04] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [165928 2018-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [311328 2018-08-31] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2015-12-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2015-12-27] (Disc Soft Ltd)
S3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-21] (Intel Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-14 19:45 - 2018-09-14 19:46 - 000011824 _____ C:\Users\Morčátka\Desktop\FRST.txt
2018-09-14 19:45 - 2018-09-14 19:45 - 000000000 ____D C:\FRST
2018-09-14 19:43 - 2018-09-14 19:43 - 001774080 _____ (Farbar) C:\Users\Morčátka\Desktop\FRST.exe
2018-09-14 16:47 - 2018-09-14 16:49 - 000000000 ____D C:\AdwCleaner
2018-09-14 16:47 - 2018-09-14 16:47 - 007571152 _____ (Malwarebytes) C:\Users\Morčátka\Desktop\adwcleaner_7.2.3.1.exe
2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\rsit
2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\Program Files\trend micro
2018-09-14 12:58 - 2018-09-14 12:59 - 001107968 _____ C:\Users\Morčátka\Desktop\RSIT.exe
2018-09-13 14:47 - 2016-03-16 20:28 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2018-09-13 14:47 - 2016-03-16 20:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2018-09-13 14:46 - 2016-08-29 16:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-09-13 14:46 - 2016-07-07 16:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2018-09-13 14:46 - 2016-03-09 20:40 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2018-09-13 14:46 - 2016-03-09 20:34 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2018-09-13 14:46 - 2016-01-21 02:51 - 000057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2018-09-13 14:46 - 2015-10-29 19:50 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2018-09-13 14:46 - 2015-10-29 19:49 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2018-09-13 14:46 - 2015-10-29 19:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2018-09-13 14:46 - 2015-10-29 19:49 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2018-09-13 14:43 - 2016-02-05 20:58 - 000123328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-09-13 14:43 - 2016-02-05 20:44 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2018-09-13 14:43 - 2016-02-05 19:33 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2018-09-13 14:43 - 2015-06-03 22:22 - 000355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2018-09-12 23:10 - 2018-09-12 23:10 - 000000522 _____ C:\Users\Morčátka\Desktop\pokoje, byty, koleje.txt
2018-09-12 21:22 - 2018-08-31 17:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-12 21:22 - 2018-08-31 17:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-12 21:22 - 2018-08-30 03:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-12 21:22 - 2018-08-28 07:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-12 21:22 - 2018-08-24 20:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-12 21:22 - 2018-08-23 23:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-12 21:22 - 2018-08-23 23:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-12 21:22 - 2018-08-23 23:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 21:22 - 2018-08-23 23:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-12 21:22 - 2018-08-23 23:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-12 21:22 - 2018-08-23 23:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-12 21:22 - 2018-08-23 23:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-12 21:22 - 2018-08-23 23:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-12 21:22 - 2018-08-23 23:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-12 21:22 - 2018-08-23 23:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-12 21:22 - 2018-08-23 23:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-12 21:22 - 2018-08-23 23:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-12 21:22 - 2018-08-23 23:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-12 21:22 - 2018-08-23 23:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-12 21:22 - 2018-08-23 23:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-12 21:22 - 2018-08-23 23:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-12 21:22 - 2018-08-23 23:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 21:22 - 2018-08-23 23:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-12 21:22 - 2018-08-23 22:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-12 21:22 - 2018-08-23 22:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 21:22 - 2018-08-23 22:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-12 21:22 - 2018-08-23 22:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-12 21:22 - 2018-08-23 22:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-12 21:22 - 2018-08-23 22:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-12 21:22 - 2018-08-23 22:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-12 21:22 - 2018-08-23 22:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-12 21:22 - 2018-08-23 22:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-12 21:22 - 2018-08-23 22:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-12 21:22 - 2018-08-23 22:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-12 21:22 - 2018-08-23 22:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-12 21:22 - 2018-08-23 22:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-12 21:22 - 2018-08-23 22:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-12 21:22 - 2018-08-23 22:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-12 21:22 - 2018-08-23 22:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-12 21:22 - 2018-08-23 22:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-12 21:22 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-12 21:22 - 2018-08-12 22:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-12 21:22 - 2018-08-12 22:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-12 21:22 - 2018-08-12 22:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-12 21:22 - 2018-08-12 22:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-12 21:22 - 2018-08-10 17:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-12 21:22 - 2018-08-10 17:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-12 21:22 - 2018-08-10 17:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-12 21:22 - 2018-08-10 17:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-12 21:22 - 2018-08-10 17:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-12 21:22 - 2018-08-10 17:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-12 21:22 - 2018-08-10 17:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-12 21:22 - 2018-08-10 17:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-12 21:22 - 2018-08-10 17:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-12 21:22 - 2018-08-10 17:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-12 21:22 - 2018-08-10 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-12 21:22 - 2018-08-10 17:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-12 21:22 - 2018-08-10 17:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-12 21:22 - 2018-08-10 17:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-12 21:22 - 2018-08-10 17:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-12 21:22 - 2018-08-10 17:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 21:22 - 2018-08-10 17:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-12 21:22 - 2018-08-10 17:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-12 21:22 - 2018-08-10 17:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 21:22 - 2018-08-10 17:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-12 21:22 - 2018-08-10 17:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-12 21:22 - 2018-08-10 17:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-12 21:22 - 2018-08-10 17:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-12 21:22 - 2018-08-10 17:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-12 21:22 - 2018-08-10 17:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-12 21:22 - 2018-08-10 17:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-12 21:22 - 2018-08-10 17:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-12 21:22 - 2018-08-10 17:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-12 21:22 - 2018-08-10 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-12 21:22 - 2018-08-10 17:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-12 21:22 - 2018-07-29 17:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-12 21:22 - 2018-07-18 17:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-12 21:22 - 2018-06-27 15:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-05 10:01 - 2018-09-05 10:01 - 000000000 __SHD C:\found.000
2018-08-31 15:13 - 2018-08-31 15:09 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-08-15 16:29 - 2018-09-10 14:57 - 000000000 ____D C:\Program Files\Google
2018-08-15 16:28 - 2018-09-10 14:55 - 000000000 ____D C:\Users\Morčátka\AppData\Local\Google
2018-08-15 16:03 - 2018-08-15 16:03 - 000000000 _____ C:\Windows\system32\last.dump
2018-08-15 16:01 - 2018-09-10 15:01 - 000000000 ____D C:\Users\Morčátka\AppData\Roaming\Opera Software
2018-08-15 16:01 - 2018-09-10 15:01 - 000000000 ____D C:\Users\Morčátka\AppData\Local\Opera Software
2018-08-15 07:52 - 2018-06-29 17:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 07:52 - 2018-06-29 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 07:51 - 2018-08-03 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 07:51 - 2018-07-07 17:19 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 07:51 - 2018-07-06 17:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 07:51 - 2018-06-27 17:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 07:51 - 2018-06-27 17:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 07:51 - 2018-06-27 17:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 07:51 - 2018-06-27 17:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 07:51 - 2018-06-27 17:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 07:51 - 2018-06-27 17:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 07:51 - 2018-06-27 17:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 07:51 - 2018-06-27 17:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 07:51 - 2018-06-21 05:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-14 19:40 - 2017-07-21 16:29 - 000000000 ____D C:\Users\Morčátka\AppData\LocalLow\Mozilla
2018-09-14 17:45 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-09-14 17:01 - 2009-07-14 06:34 - 000028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-14 17:01 - 2009-07-14 06:34 - 000028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-14 17:00 - 2016-09-22 08:01 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-09-14 16:56 - 2018-05-24 09:19 - 000000000 ____D C:\Users\Morčátka\AppData\Local\AVAST Software
2018-09-14 16:51 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-14 16:46 - 2018-05-09 16:52 - 000000000 ____D C:\Users\Morčátka\AppData\Roaming\Seznam.cz
2018-09-14 12:45 - 2018-05-23 07:25 - 000000000 ____D C:\Users\Morčátka\AppData\Roaming\uTorrent
2018-09-14 04:22 - 2011-04-12 03:37 - 000668792 _____ C:\Windows\system32\perfh005.dat
2018-09-14 04:22 - 2011-04-12 03:37 - 000141420 _____ C:\Windows\system32\perfc005.dat
2018-09-14 04:22 - 2010-11-20 23:01 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-14 04:22 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-09-13 03:29 - 2009-07-14 06:33 - 000408304 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-13 03:06 - 2015-09-16 16:02 - 000000000 ____D C:\Windows\system32\MRT
2018-09-13 03:01 - 2015-09-16 16:02 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 22:49 - 2017-07-21 13:15 - 000000000 ____D C:\Škola
2018-09-12 21:48 - 2016-08-28 14:41 - 000000000 ____D C:\Users\Morčátka\AppData\Roaming\vlc
2018-09-12 21:25 - 2016-10-09 15:29 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-12 21:25 - 2016-10-09 15:29 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-12 21:25 - 2016-10-09 15:29 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 21:25 - 2015-12-26 22:44 - 000165928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-09-11 19:59 - 2015-12-26 22:44 - 000135376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-09-11 11:47 - 2015-12-26 22:58 - 000000000 ____D C:\Program Files\CCleaner
2018-09-04 18:41 - 2015-12-26 22:44 - 000396536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-31 15:21 - 2015-12-26 22:44 - 000073264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-08-31 15:12 - 2018-01-30 17:31 - 000167552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-08-31 15:12 - 2015-12-26 22:44 - 000311328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-08-31 15:12 - 2015-12-26 22:44 - 000101056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-08-31 15:12 - 2015-12-26 22:44 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-08-31 15:09 - 2015-12-26 22:44 - 000784112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-08-31 15:08 - 2018-01-30 17:31 - 000196008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-08-31 15:08 - 2017-03-12 16:27 - 000284320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-08-31 15:08 - 2017-03-12 16:27 - 000188336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-08-31 15:08 - 2017-03-12 16:27 - 000164944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-08-31 15:08 - 2017-03-12 16:27 - 000057968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-08-28 02:59 - 2018-02-25 08:26 - 000000000 ____D C:\Users\Morčátka\Desktop\Profilovky
2018-08-24 09:44 - 2009-07-14 06:53 - 000032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-20 16:31 - 2018-05-24 09:22 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 16:31 - 2018-05-24 09:22 - 000002332 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-16 12:45 - 2015-12-26 23:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2018-05-20 00:53 - 2018-05-20 00:53 - 000198884 _____ () C:\Users\Morčátka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\AtStart.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\DSwitch.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\QSwitch.txt

Some files in TEMP:
====================
2018-06-05 12:45 - 2018-09-14 16:46 - 000534528 _____ () C:\Users\Morčátka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-05 00:49

==================== End of FRST.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected notebook

#7 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    CMD: more "C:\Users\Morčátka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt"
    File: C:\Users\Morčátka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&D2_is1
    
    HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {0d75640d-ac0f-11e5-8513-00218677914a} - E:\autorun.exe
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {2db6eb48-d869-11e5-9efa-00218677914a} - E:\HTC_Sync_Manager_PC.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
    HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2091886149-3345506598-3230958532-1000 -> {EBE84FE9-674C-4B34-9499-A9C3F0DE3E3E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
    FF Homepage: Mozilla\Firefox\Profiles\y8gmatwl.default -> moz-extension://e57f1734-2c2e-4605-8da2-91537ecef4f3/dynamicHomePage.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
    FF Extension: (Seznam doplněk - Esko) - C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-09-06]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\rsit
    2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\Program Files\trend micro
    2018-09-14 12:58 - 2018-09-14 12:59 - 001107968 _____ C:\Users\Morčátka\Desktop\RSIT.exe
    2018-08-15 16:03 - 2018-08-15 16:03 - 000000000 _____ C:\Windows\system32\last.dump
    2018-09-14 17:00 - 2016-09-22 08:01 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
    2018-09-14 16:46 - 2018-05-09 16:52 - 000000000 ____D C:\Users\Morčátka\AppData\Roaming\Seznam.cz
    2018-05-20 00:53 - 2018-05-20 00:53 - 000198884 _____ () C:\Users\Morčátka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
    2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\AtStart.txt
    2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\DSwitch.txt
    2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Morčátka\AppData\Local\QSwitch.txt
    2018-06-05 12:45 - 2018-09-14 16:46 - 000534528 _____ () C:\Users\Morčátka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
    Task: {E7DD0B58-7422-4D9B-8622-30633712EA72} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    
    C:\Program Files\McAfee Safe Connect
    C:\Program Files\Seznam.cz
    C:\Users\Morčátka\AppData\Roaming\Seznam.cz
    C:\Windows\AutoKMS
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select the Unicode encoding
  • Save the file to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always having important data (documents, photos and the like) backed up.

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#8 Post by Mankind »

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Morčátka (15-09-2018 14:20:54) Run:1
Running from C:\Users\Morčátka\Desktop
Loaded Profiles: Morčátka (Available Profiles: Morčátka)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: more "C:\Users\Mor��tka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt"
File: C:\Users\Mor��tka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&D2_is1

HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {0d75640d-ac0f-11e5-8513-00218677914a} - E:\autorun.exe
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\...\MountPoints2: {2db6eb48-d869-11e5-9efa-00218677914a} - E:\HTC_Sync_Manager_PC.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w20&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2091886149-3345506598-3230958532-1000 -> {EBE84FE9-674C-4B34-9499-A9C3F0DE3E3E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
FF Homepage: Mozilla\Firefox\Profiles\y8gmatwl.default -> moz-extension://e57f1734-2c2e-4605-8da2-91537ecef4f3/dynamicHomePage.html
FF HomepageOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Enabled: _fsMembers_@free.pdfconverterhq.com
FF NewTabOverride: Mozilla\Firefox\Profiles\y8gmatwl.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Seznam dopln�k - Esko) - C:\Users\Mor��tka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-09-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\rsit
2018-09-14 12:59 - 2018-09-14 12:59 - 000000000 ____D C:\Program Files\trend micro
2018-09-14 12:58 - 2018-09-14 12:59 - 001107968 _____ C:\Users\Mor��tka\Desktop\RSIT.exe
2018-08-15 16:03 - 2018-08-15 16:03 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-14 17:00 - 2016-09-22 08:01 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-09-14 16:46 - 2018-05-09 16:52 - 000000000 ____D C:\Users\Mor��tka\AppData\Roaming\Seznam.cz
2018-05-20 00:53 - 2018-05-20 00:53 - 000198884 _____ () C:\Users\Mor��tka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Mor��tka\AppData\Local\AtStart.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Mor��tka\AppData\Local\DSwitch.txt
2015-12-24 01:56 - 2015-12-24 01:56 - 000000000 _____ () C:\Users\Mor��tka\AppData\Local\QSwitch.txt
2018-06-05 12:45 - 2018-09-14 16:46 - 000534528 _____ () C:\Users\Mor��tka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
Task: {E7DD0B58-7422-4D9B-8622-30633712EA72} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

C:\Program Files\McAfee Safe Connect
C:\Program Files\Seznam.cz
C:\Users\Mor��tka\AppData\Roaming\Seznam.cz
C:\Windows\AutoKMS

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 1227
Average :
Sum : 5995777151
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========= more "C:\Users\Mor��tka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt" =========

Soubor C:\Users\Mor??tka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt nenˇ pýˇstupně.

========= End of CMD: =========


========================= File: C:\Users\Mor��tka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe ========================

"C:\Users\Mor��tka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" => not found
====== End of File: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\H&D2_is1]
"Inno Setup: Setup Version"="5.2.2"
"Inno Setup: App Path"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2"
"InstallLocation"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\"
"Inno Setup: Icon Group"="Illusion Softworks\Hidden & Dangerous 2"
"Inno Setup: User"="Morčátka"
"DisplayName"="Hidden & Dangerous 2"
"UninstallString"=""C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\unins000.exe""
"QuietUninstallString"=""C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\unins000.exe" /SILENT"
"NoModify"="1"
"NoRepair"="1"
"InstallDate"="20160923"

=== End of ExportKey ===
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully.
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => removed successfully.
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => removed successfully.
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d75640d-ac0f-11e5-8513-00218677914a}" => removed successfully.
HKLM\Software\Classes\CLSID\{0d75640d-ac0f-11e5-8513-00218677914a} => not found
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2db6eb48-d869-11e5-9efa-00218677914a}" => removed successfully.
HKLM\Software\Classes\CLSID\{2db6eb48-d869-11e5-9efa-00218677914a} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2091886149-3345506598-3230958532-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBE84FE9-674C-4B34-9499-A9C3F0DE3E3E}" => removed successfully.
HKLM\Software\Classes\CLSID\{EBE84FE9-674C-4B34-9499-A9C3F0DE3E3E} => not found
"FF Homepage: Mozilla\Firefox\Profiles\y8gmatwl.default -> moz-extension://e57f1734-2c2e-4605-8da2-91537ecef4f3/dynamicHomePage.html" => not found
"Firefox homepage" => removed successfully.
"Firefox HomepageOverride (_fsMembers_@free.pdfconverterhq.com) " => removed successfully.
"Firefox NewTabOverride (_fsMembers_@free.pdfconverterhq.com) " => removed successfully.
"Firefox NewTabOverride ({ea614400-e918-4741-9a97-7a972ff7c30b}) " => removed successfully.
"C:\Users\Mor��tka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\Extensions\sko-extension@firma.seznam.cz.xpi" => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully.
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
"C:\Users\Mor��tka\Desktop\RSIT.exe" => not found
C:\Windows\system32\last.dump => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
"C:\Users\Mor��tka\AppData\Roaming\Seznam.cz" => not found
"C:\Users\Mor��tka\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt" => not found
"C:\Users\Mor��tka\AppData\Local\AtStart.txt" => not found
"C:\Users\Mor��tka\AppData\Local\DSwitch.txt" => not found
"C:\Users\Mor��tka\AppData\Local\QSwitch.txt" => not found
"C:\Users\Mor��tka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E7DD0B58-7422-4D9B-8622-30633712EA72}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7DD0B58-7422-4D9B-8622-30633712EA72}" => removed successfully.
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully.
"C:\Windows\Tasks\AutoKMS.job" => not found
"C:\Program Files\McAfee Safe Connect" => not found
C:\Program Files\Seznam.cz => moved successfully
"C:\Users\Mor��tka\AppData\Roaming\Seznam.cz" => not found
C:\Windows\AutoKMS => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38924719 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 97759146 B
Edge => 0 B
Chrome => 0 B
Firefox => 157706654 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
LocalService => 0 B
NetworkService => 16674 B
Morčátka => 112361340 B

RecycleBin => 0 B
EmptyTemp: => 395.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:25:54 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected notebook

#9 Post by Conder »

The fixlist was not saved with the Unicode encoding. Select the Unicode encoding before saving and run it once more.
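The Fixlog in post #8 shows the user's profile path as `Mor��tka` and post #9 explains why: the fixlist was saved as ANSI instead of Unicode. The Python script below is an added illustration of that failure mode and of the check a helper can run before clicking Fix; it is not FRST's code and is not from the thread or the forum's tools. It assumes Notepad's ANSI option used code page cp1250 (the default on Czech Windows) and that the replacement characters in the log come from those bytes being read as UTF-8; whether FRST does exactly that internally is an assumption. The sample path and temporary file names are constructed.

```python
"""Check a fixlist's encoding before running Fix, and show why an ANSI-saved
fixlist turns "Morčátka" into "Mor??tka"-style garbage. Added example; not
FRST's code and not from the thread."""
import codecs
import tempfile
from pathlib import Path

# Constructed sample line: a path containing Czech letters, like the user
# profile in the thread. Nothing here touches a real system.
SAMPLE_LINE = r"File: C:\Users\Morčátka\AppData\Local\Temp\example.exe"


def mangle_as_ansi(line: str, ansi_codepage: str = "cp1250") -> str:
    """Simulate Notepad 'ANSI' output (cp1250 on Czech Windows, assumed)
    being read back as UTF-8. 0xE8 (č) and 0xE1 (á) are not valid UTF-8
    sequences, so each becomes U+FFFD, the replacement character."""
    raw = line.encode(ansi_codepage)
    return raw.decode("utf-8", errors="replace")


def detect_encoding(data: bytes) -> str:
    """Classify a fixlist by its byte-order mark, which is how Notepad's
    'Unicode' / 'UTF-8' / 'ANSI' choices differ on disk."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le"          # Notepad 'Unicode'
    if data.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be"          # Notepad 'Unicode big endian'
    if data.startswith(codecs.BOM_UTF8):
        return "utf-8-bom"
    try:
        data.decode("utf-8")
        return "utf-8"              # valid UTF-8, or plain ASCII
    except UnicodeDecodeError:
        return "ansi"               # a legacy code page, not Unicode


def write_fixlist(path: Path, lines) -> None:
    """Write the fixlist the way Notepad's 'Unicode' option does:
    UTF-16 LE with BOM and CRLF line endings."""
    text = "\r\n".join(lines) + "\r\n"
    path.write_bytes(codecs.BOM_UTF16_LE + text.encode("utf-16-le"))


def read_fixlist(path: Path) -> list:
    """Read back a UTF-16 fixlist; the 'utf-16' codec consumes the BOM."""
    return path.read_bytes().decode("utf-16").split("\r\n")[:-1]


def fixlist_is_unicode(path: Path) -> bool:
    """The check to run before clicking Fix: True only for a UTF-16 file."""
    return detect_encoding(path.read_bytes()).startswith("utf-16")


def demo() -> dict:
    """Write an ANSI copy and a Unicode copy of the same fixlist and compare."""
    lines = ["Start", SAMPLE_LINE, "End"]
    with tempfile.TemporaryDirectory() as tmp:
        ansi_path = Path(tmp) / "fixlist_ansi.txt"
        ansi_path.write_bytes(("\r\n".join(lines) + "\r\n").encode("cp1250"))
        uni_path = Path(tmp) / "fixlist.txt"
        write_fixlist(uni_path, lines)
        return {
            "mangled": mangle_as_ansi(SAMPLE_LINE),
            "ansi_encoding": detect_encoding(ansi_path.read_bytes()),
            "ansi_ok": fixlist_is_unicode(ansi_path),
            "unicode_ok": fixlist_is_unicode(uni_path),
            "roundtrip": read_fixlist(uni_path),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running `demo()` shows the ANSI copy classified as `ansi` and the path mangled to `Mor\ufffd\ufffdtka`, while the UTF-16 copy passes `fixlist_is_unicode` and reads back with the Czech letters intact. On a system where the profile name is pure ASCII the ANSI file would have worked by accident, which is why the encoding step in the instructions is easy to overlook until a path like this one appears in the Fixlog.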

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#10 Post by Mankind »

Hopefully it is redone correctly now.
Attachments
Fixlog.rar
(29.56 KiB) Downloaded 76 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected notebook

#11 Post by Conder »

Yes, it is correct.

How is the PC doing? Has there been any change?

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#12 Post by Mankind »

Yes, the internet runs much faster, and above all those pages no longer pop up.

I also wanted to ask: are we not going to work with the MBAM program? You sort of replaced it with FRST, right?

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected notebook

#13 Post by Conder »

According to FRST it already looks clean, but you can also scan it with MBAM (Malwarebytes) and post the log; you won't break anything. https://www.malwarebytes.com/mwb-download/thankyou/

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Infected notebook

#14 Post by Mankind »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 16.09.18
Čas skenování: 20:50
Logovací soubor: 6df851cc-b9e1-11e8-97f6-001eece8ea0e.json

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.441
Aktualizovat verzi balíku komponent: 1.0.6863
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x86
Systém souborů: NTFS
Uživatel: MORCATKA-PC\Mor\u00c4\u008d\u00c3\u00a1tka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 167227
Zjištěné hrozby: 2
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 11 min, 48 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
PUP.Optional.MindSpark.Generic, C:\USERS\MORčáTKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y8GMATWL.DEFAULT\BROWSER-EXTENSION-DATA\_fsMembers_@free.pdfconverterhq.com, Žádná uživatelská akce, [1697], [468075],1.0.6863

Soubor: 1
PUP.Optional.MindSpark.Generic, C:\Users\Morčátka\AppData\Roaming\Mozilla\Firefox\Profiles\y8gmatwl.default\browser-extension-data\_fsMembers_@free.pdfconverterhq.com\storage.js, Žádná uživatelská akce, [1697], [468075],1.0.6863

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected notebook

#15 Post by Conder »

You can delete these findings; they belong to the Firefox add-on that AdwCleaner already removed.

Locked