Requesting a preventive check, PC is behaving suspiciously

tutamilan
Visitor
Posts: 100
Registered: 23 Jan 2006 13:10
Location: kamenicky senov

Requesting a preventive check, PC is behaving suspiciously

#1 Post by tutamilan »

Logfile of random's system information tool 1.10 (written by random/random)
Run by ota at 2019-01-16 19:00:22
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 28 GB (25%) free of 114 GB
Total RAM: 3063 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:34, on 16.1.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19230)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ota\Desktop\RSIT (1).exe
C:\Program Files\trend micro\ota.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [DriveTheLife2013] "C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe" /start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [persistence module] rem|"C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files\HP\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6762 bytes

======Scheduled tasks folder======

C:\Windows\tasks\COMODO Updater.job - C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07 416288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DriveTheLife2013"=C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe [2015-07-23 2132320]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-23 1183744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-05-17 2358584]
"persistence module"=rem|C:\Windows\system32\igfxpers.exe []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-01-16 222600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2009-09-23 173592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2009-09-23 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viber]
C:\Users\ota\AppData\Local\Viber\Viber.exe [2018-12-21 37117512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Examiner8.0 CVB-11 32B.exe.lnk]
C:\Examin\EXAMIN~4.EXE [2016-12-11 25358700]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeExaminer8.0.exe.lnk]
C:\Examin\FREEEX~1.EXE [2016-09-12 25166155]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-01-16 18:41:27 ----A---- C:\Windows\system32\aswBoot.exe
2019-01-16 17:44:29 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-16 17:44:29 ----A---- C:\Windows\system32\iernonce.dll
2019-01-16 17:44:29 ----A---- C:\Windows\system32\ieetwproxystub.dll
2019-01-16 17:44:29 ----A---- C:\Windows\system32\ieetwcollector.exe
2019-01-16 17:44:28 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-16 17:44:28 ----A---- C:\Windows\system32\inseng.dll
2019-01-16 17:44:28 ----A---- C:\Windows\system32\ie4uinit.exe
2019-01-16 17:44:27 ----A---- C:\Windows\system32\urlmon.dll
2019-01-16 17:44:27 ----A---- C:\Windows\system32\occache.dll
2019-01-16 17:44:27 ----A---- C:\Windows\system32\jsproxy.dll
2019-01-16 17:44:27 ----A---- C:\Windows\system32\ieUnatt.exe
2019-01-16 17:44:27 ----A---- C:\Windows\system32\iedkcs32.dll
2019-01-16 17:44:26 ----A---- C:\Windows\system32\msfeeds.dll
2019-01-16 17:44:26 ----A---- C:\Windows\system32\jscript9diag.dll
2019-01-16 17:44:26 ----A---- C:\Windows\system32\ieapfltr.dll
2019-01-16 17:44:26 ----A---- C:\Windows\system32\dxtmsft.dll
2019-01-16 17:44:21 ----A---- C:\Windows\system32\webcheck.dll
2019-01-16 17:44:21 ----A---- C:\Windows\system32\msrating.dll
2019-01-16 17:44:20 ----A---- C:\Windows\system32\iesetup.dll
2019-01-16 17:44:19 ----A---- C:\Windows\system32\wininet.dll
2019-01-16 17:44:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2019-01-16 17:44:15 ----A---- C:\Windows\system32\dxtrans.dll
2019-01-16 17:44:14 ----A---- C:\Windows\system32\ieui.dll
2019-01-16 17:44:13 ----A---- C:\Windows\system32\ieframe.dll
2019-01-16 17:44:08 ----A---- C:\Windows\system32\mshtmled.dll
2019-01-16 17:44:07 ----A---- C:\Windows\system32\mshtmlmedia.dll
2019-01-16 17:44:05 ----A---- C:\Windows\system32\MshtmlDac.dll
2019-01-16 17:44:04 ----A---- C:\Windows\system32\iertutil.dll
2019-01-16 17:44:01 ----A---- C:\Windows\system32\mshtml.dll
2019-01-16 17:43:58 ----A---- C:\Windows\system32\jscript9.dll
2019-01-16 17:43:55 ----A---- C:\Windows\system32\vbscript.dll
2019-01-16 17:43:55 ----A---- C:\Windows\system32\jscript.dll
2019-01-16 17:22:02 ----A---- C:\Windows\system32\drivers\aswbidsdriver.sys
2019-01-16 17:22:02 ----A---- C:\Windows\system32\drivers\asw550725d6281a1f7f.tmp
2019-01-16 17:14:32 ----A---- C:\Windows\system32\drivers\aswArDisk.sys
2019-01-16 17:14:32 ----A---- C:\Windows\system32\drivers\asw0c86bbae4996146f.tmp
2019-01-16 17:14:21 ----A---- C:\Windows\system32\drivers\aswbuniv.sys
2019-01-16 17:14:21 ----A---- C:\Windows\system32\drivers\asw6fc08a3377102c79.tmp
2019-01-16 17:14:15 ----A---- C:\Windows\system32\drivers\aswblog.sys
2019-01-16 17:14:15 ----A---- C:\Windows\system32\drivers\asw57394fd20e09ff0f.tmp
2019-01-16 17:14:09 ----A---- C:\Windows\system32\drivers\aswbidsh.sys
2019-01-16 17:14:09 ----A---- C:\Windows\system32\drivers\aswbf6863c938c95b00.tmp
2019-01-15 21:21:28 ----D---- C:\ProgramData\DriverTalent

======List of files/folders modified in the last 1 month======

2019-01-16 19:00:31 ----D---- C:\Windows\system32\drivers\etc
2019-01-16 19:00:28 ----D---- C:\Program Files\trend micro
2019-01-16 18:56:12 ----D---- C:\Windows\Microsoft.NET
2019-01-16 18:56:02 ----D---- C:\FRST
2019-01-16 18:50:13 ----D---- C:\Windows
2019-01-16 18:45:53 ----D---- C:\Windows\Temp
2019-01-16 18:43:47 ----D---- C:\Windows\system32\Tasks
2019-01-16 18:43:08 ----D---- C:\Windows\system32\drivers
2019-01-16 18:41:27 ----D---- C:\Windows\System32
2019-01-16 18:34:43 ----D---- C:\Windows\winsxs
2019-01-16 18:34:02 ----D---- C:\Windows\system32\config
2019-01-16 18:33:38 ----SHD---- C:\Config.Msi
2019-01-16 18:32:15 ----D---- C:\Windows\system32\cs-CZ
2019-01-16 18:32:14 ----D---- C:\Windows\system32\en-US
2019-01-16 18:32:14 ----D---- C:\Program Files\Internet Explorer
2019-01-16 18:31:06 ----RSD---- C:\Windows\assembly
2019-01-16 18:28:36 ----SHD---- C:\Windows\Installer
2019-01-16 18:23:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-01-16 18:23:28 ----D---- C:\Windows\inf
2019-01-16 18:21:47 ----D---- C:\Windows\system32\MRT
2019-01-16 17:56:53 ----AC---- C:\Windows\system32\MRT.exe
2019-01-16 17:54:40 ----SHD---- C:\System Volume Information
2019-01-16 17:39:21 ----D---- C:\Windows\system32\catroot2
2019-01-16 17:09:39 ----A---- C:\Windows\system32\drivers\asw41680cefcf0e9963.tmp
2019-01-16 17:09:38 ----A---- C:\Windows\system32\drivers\aswa355608a43062ac0.tmp
2019-01-16 17:09:38 ----A---- C:\Windows\system32\drivers\asw2cd8496d6c34b76d.tmp
2019-01-16 17:09:37 ----A---- C:\Windows\system32\drivers\aswd5cd823a3c59feeb.tmp
2019-01-16 17:09:37 ----A---- C:\Windows\system32\drivers\aswacad07cdc991fcb7.tmp
2019-01-16 17:09:37 ----A---- C:\Windows\system32\drivers\asw74826ba6b3cfd284.tmp
2019-01-16 17:09:37 ----A---- C:\Windows\system32\drivers\asw0ec08116c3e8a6cc.tmp
2019-01-16 17:09:36 ----A---- C:\Windows\system32\drivers\asw8f263ea6d35ad9d2.tmp
2019-01-16 17:09:35 ----A---- C:\Windows\system32\drivers\aswda9a07d4dd6d6034.tmp
2019-01-16 17:09:19 ----A---- C:\Windows\system32\drivers\asw20b83012dd91fe58.tmp
2019-01-16 17:08:44 ----A---- C:\Windows\system32\drivers\asw20466a5643108dda.tmp
2019-01-15 21:21:28 ----HD---- C:\ProgramData
2019-01-15 21:20:54 ----D---- C:\Windows\Tasks
2019-01-15 21:19:40 ----D---- C:\Windows\system32\wbem
2019-01-15 21:18:38 ----D---- C:\Windows\registration
2019-01-15 21:07:54 ----D---- C:\Windows\system32\NDF
2019-01-08 16:04:46 ----D---- C:\Users\ota\AppData\Roaming\ViberPC
2019-01-05 15:14:30 ----D---- C:\Users\ota\AppData\Roaming\uTorrent
2018-12-26 18:27:50 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2019-01-16 34680]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2019-01-16 158288]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblog.sys [2019-01-16 255416]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2019-01-16 51320]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2019-01-16 72992]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2019-01-16 310400]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 173288]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2019-01-16 169216]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2019-01-16 187248]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2019-01-16 183160]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2019-01-16 40888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2019-01-16 101176]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2019-01-16 785776]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2019-01-16 401832]
R1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys [2010-12-09 64608]
R1 CFRPD;CFRPD; C:\Windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 389632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2019-01-16 138464]
R2 drhard;drhard; C:\Windows\system32\drivers\drhard.sys [2005-12-01 23600]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-23 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver; C:\Windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2014-04-06 412952]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2013-03-25 4270288]
R3 GTIPCI21;GTIPCI21; C:\Windows\system32\DRIVERS\gtipci21.sys [2007-05-09 97280]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-24 15544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2009-05-10 31232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-05-17 327608]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-12-14 290816]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 123328]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2019-01-16 163344]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2018-02-10 52928]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2019-01-16 42928]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-08-13 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2018-02-10 51904]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2018-02-10 52928]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\drivers\viac7.sys [2018-08-10 53248]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-04-23 69632]
R2 Cleaner_Validator;COMODO System - Cleaner Service; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2018-12-06 347512]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LCleanerSvc;Local Cleaner Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LDrvSvc;Local Driver Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-01-16 309480]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12 153752]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-01-16 6300272]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12 153752]
S3 hpqcaslwmiex;HP CASL Framework Service; C:\Program Files\HP\Shared\hpqwmiex.exe [2016-06-03 1031704]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-12-14 104960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2018-02-24 174544]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2017-04-21 47224]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2018-09-28 10803440]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check, PC is behaving suspiciously

#2 Post by Conder »

Hi :)

:arrow: What kind of suspicious behaviour is it?

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

tutamilan

Re: Requesting a preventive check, PC is behaving suspiciously

#3 Post by tutamilan »

The PC is slow; it could not connect to Wi-Fi until after I used a restore point from last month.

tutamilan

Re: Requesting a preventive check, PC is behaving suspiciously

#4 Post by tutamilan »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-16-2019
# Duration: 00:00:03
# OS: Windows 7 Ultimate
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

Deleted LDRVSVC

***** [ Folders ] *****

Deleted C:\ProgramData\DRIVERTALENT

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-18\Software\OSTOTOSOFT\DRIVERTALENT
Deleted HKCU\Software\OSTOTOSOFT\DRIVERTALENT
Deleted HKU\.DEFAULT\Software\OSTOTOSOFT\DRIVERTALENT
Deleted HKLM\Software\OSTOTOSOFT\DRIVERTALENT
Deleted HKU\S-1-5-18\Software\OSTotoSoft
Deleted HKCU\Software\OSTotoSoft
Deleted HKU\.DEFAULT\Software\OSTotoSoft
Deleted HKLM\Software\OSTotoSoft
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1
Deleted HKLM\Software\Common Toolkit Suite

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2353 octets] - [16/12/2018 09:26:50]
AdwCleaner[C00].txt - [2227 octets] - [16/12/2018 09:27:50]
AdwCleaner[S01].txt - [2130 octets] - [16/01/2019 19:12:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Conder

Re: Requesting a preventive check, PC is behaving suspiciously

#5 Post by Conder »

:arrow: Please post both FRST logs (FRST.txt and Addition.txt) following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679

tutamilan

Re: Requesting a preventive check, PC is behaving suspiciously

#6 Post by tutamilan »

FireFox:
========
FF DefaultProfile: 8atgv8ah.default
FF ProfilePath: C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default [2019-01-16]
FF Homepage: Mozilla\Firefox\Profiles\8atgv8ah.default -> hxxps://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\8atgv8ah.default -> is enabled.
FF Extension: (Avast SafePrice) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\sp@avast.com.xpi [2018-04-13]
FF Extension: (Avast Online Security) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-04]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default [2019-01-18]
CHR Extension: (Prezentace) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-12]
CHR Extension: (YouTube) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Tabulky) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Avast Online Security) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Gmail) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-335174678-1145664534-2665916264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6300272 2019-01-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-01-16] (AVAST Software)
R2 Cleaner_Validator; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [305600 2010-12-09] ()
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 LCleanerSvc; C:\Program Files\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34680 2019-01-16] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [169216 2019-01-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [187248 2019-01-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [158288 2019-01-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [255416 2019-01-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [51320 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183160 2019-01-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42928 2019-01-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40888 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [138464 2019-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101176 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72992 2019-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [785776 2019-01-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [401832 2019-01-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [163344 2019-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310400 2019-01-16] (AVAST Software)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [64608 2010-12-09] (Windows (R) Win 7 DDK provider)
R1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [33744 2010-12-09] (Windows (R) Win 7 DDK provider)
R2 drhard; C:\Windows\system32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software) [File not signed]
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 18:23 - 2019-01-18 18:25 - 000006930 _____ C:\Users\ota\Desktop\FRST.txt
2019-01-18 18:22 - 2019-01-18 18:22 - 000000000 ____D C:\Users\ota\Desktop\FRST-OlderVersion
2019-01-16 19:10 - 2019-01-16 19:10 - 007320272 _____ (Malwarebytes) C:\Users\ota\Desktop\adwcleaner_7.2.6.0.exe
2019-01-16 18:59 - 2019-01-16 18:59 - 001107968 _____ C:\Users\ota\Desktop\RSIT (1).exe
2019-01-16 18:41 - 2019-01-16 17:09 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-16 17:44 - 2018-12-15 00:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-16 17:44 - 2018-12-14 07:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-16 17:44 - 2018-12-14 07:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-16 17:44 - 2018-12-14 07:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-16 17:44 - 2018-12-14 07:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-16 17:44 - 2018-12-14 07:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-16 17:44 - 2018-12-14 07:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-16 17:44 - 2018-12-14 07:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-16 17:44 - 2018-12-14 07:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-16 17:44 - 2018-12-14 07:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-16 17:44 - 2018-12-14 07:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-16 17:44 - 2018-12-14 07:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-16 17:44 - 2018-12-14 07:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-16 17:44 - 2018-12-14 07:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-16 17:44 - 2018-12-14 07:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-16 17:44 - 2018-12-14 07:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-16 17:44 - 2018-12-14 07:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-16 17:44 - 2018-12-14 07:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-16 17:44 - 2018-12-14 07:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 17:44 - 2018-12-14 07:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-16 17:44 - 2018-12-14 07:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-16 17:44 - 2018-12-14 07:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-16 17:44 - 2018-12-14 06:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 17:44 - 2018-12-14 06:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-16 17:44 - 2018-12-14 06:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-16 17:43 - 2018-12-14 07:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-16 17:43 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-16 17:43 - 2018-12-14 07:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-16 17:22 - 2019-01-16 17:22 - 000187248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000255416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000158288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000051320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000034680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-16 17:03 - 2019-01-18 18:22 - 001787392 _____ (Farbar) C:\Users\ota\Desktop\FRST.exe
2019-01-04 19:33 - 2019-01-06 12:55 - 000000000 ____D C:\Users\ota\Downloads\The.Imitation.Game.2014.BDRip.XviD.CZ-TreZzoR
2019-01-04 19:31 - 2019-01-04 19:31 - 000020724 _____ C:\Users\ota\Downloads\[CzT]Kod_Enigmy_The_Imitation_Game_2014_CZ_.torrent
2018-12-31 22:29 - 2018-12-31 22:29 - 000018096 _____ C:\Users\ota\Downloads\[CzT]Deadpool_2_2018_CZ_.torrent
2018-12-31 21:07 - 2018-12-31 21:07 - 000000000 ____D C:\Users\ota\AppData\Local\Viber
2018-12-31 17:36 - 2018-12-31 17:36 - 000016149 _____ C:\Users\ota\Downloads\[CzT]Nejvetsi_showman_The_Greatest_Showman_2017_CZ_.torrent
2018-12-31 17:15 - 2018-12-31 17:15 - 000020433 _____ C:\Users\ota\Downloads\[CzT]Skryta_cisla_Hidden_Figures_2016_CZ_.torrent
2018-12-28 19:05 - 2018-12-28 19:05 - 000016585 _____ C:\Users\ota\Downloads\[CzT]Zulu_2013_CZ_.torrent
2018-12-26 18:43 - 2018-12-26 18:43 - 000150817 _____ C:\Users\ota\Downloads\[CzT]Odvazna_Vaiana_Legenda_o_konci_sveta_Moana_2016_CZ_.torrent
2018-12-26 18:35 - 2018-12-26 18:35 - 000019152 _____ C:\Users\ota\Downloads\[CzT]Everest_2015_CZ_.torrent

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 18:22 - 2018-02-25 07:01 - 000000000 ____D C:\FRST
2019-01-16 19:29 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-16 19:29 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-16 19:19 - 2018-08-13 05:19 - 000000000 ____D C:\Users\ota\AppData\Local\AVAST Software
2019-01-16 19:16 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-16 19:15 - 2018-01-01 12:05 - 000018763 _____ C:\Windows\cscmondump.bin
2019-01-16 19:00 - 2018-02-24 18:04 - 000000000 ____D C:\Program Files\trend micro
2019-01-16 18:44 - 2018-01-01 13:38 - 000002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-01-16 18:32 - 2018-01-01 12:31 - 000000012 _____ C:\Windows\CSC_ActiveCleanLog.dat
2019-01-16 18:32 - 2018-01-01 12:05 - 003824842 _____ C:\Windows\CSC_ServiceDump.dat
2019-01-16 18:23 - 2017-04-05 06:41 - 001558876 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-16 18:23 - 2009-07-14 09:44 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-01-16 18:23 - 2009-07-14 09:44 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-01-16 18:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-16 18:21 - 2017-07-02 09:37 - 000000000 ____D C:\Windows\system32\MRT
2019-01-16 17:56 - 2017-07-02 09:34 - 129687688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-16 17:16 - 2017-04-07 11:23 - 000000000 ____D C:\Users\ota\AppData\LocalLow\Mozilla
2019-01-16 17:09 - 2018-10-22 15:22 - 000040888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000401832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000310400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000183160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000169216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000163344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000138464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000101176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000072992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000042928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 17:08 - 2018-01-01 13:37 - 000785776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-15 21:20 - 2017-04-05 06:36 - 000000000 ____D C:\Users\ota
2019-01-15 21:18 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2019-01-15 21:07 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2019-01-08 16:05 - 2017-08-13 13:54 - 000000000 ____D C:\Users\ota\Documents\ViberDownloads
2019-01-08 16:04 - 2017-08-12 14:03 - 000000000 ____D C:\Users\ota\AppData\Roaming\ViberPC
2019-01-05 15:14 - 2017-11-12 17:30 - 000000000 ____D C:\Users\ota\AppData\Roaming\uTorrent
2019-01-05 15:14 - 2017-07-02 10:10 - 000000000 ___HD C:\Users\ota\Documents\NC6400- 2013.09.09.09.19.00
2018-12-26 19:26 - 2017-08-12 13:53 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-26 19:26 - 2017-08-12 13:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-12-15 17:24 - 2017-01-12 14:56 - 021752832 _____ () C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
2017-07-01 12:06 - 2017-07-01 12:06 - 000000017 _____ () C:\Users\ota\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-16 17:53

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-01-2019 01
Ran by ota (18-01-2019 18:26:42)
Running from C:\Users\ota\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-04-05 05:35:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-335174678-1145664534-2665916264-500 - Administrator - Disabled)
Guest (S-1-5-21-335174678-1145664534-2665916264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-335174678-1145664534-2665916264-1002 - Limited - Enabled)
ota (S-1-5-21-335174678-1145664534-2665916264-1000 - Administrator - Enabled) => C:\Users\ota

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
COMODO System-Cleaner (HKLM\...\{C4039DC0-905D-4372-8B20-120F0B6CF283}) (Version: 3.0.172695.53 - COMODO)
Dr. Hardware 2009 9.9.2e (HKLM\...\Dr. Hardware 2009 Second Edition_is1) (Version: - Peter A. Gebhard)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{04442D89-B941-4C8C-B20D-625233B78BB0}) (Version: 12.9.24.3 - HP Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (HKLM\...\Microsoft .NET Framework 4 Client Profile JPN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Client Profile KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Client Profile CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Client Profile CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended Language Pack - 日本語 (HKLM\...\Microsoft .NET Framework 4 Extended JPN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Extended KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Extended CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Extended CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 58.0.2 (x86 cs)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
OpenOffice 4.1.5 (HKLM\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Scriba 3 (HKLM\...\{C5ECA2AE-3025-4D83-BA96-94D408756495}) (Version: 3.6.0.8 - Electrox)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5240 - Analog Devices)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.6.2 - Synaptics Incorporated)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
TM-Soft-Examiner Installation V.8.00 (HKLM\...\TM-Soft-Examiner Installation V.8.00) (Version: - TM-Soft)
Viber (HKLM\...\{EAF077BA-8EA4-4CEC-A215-4ACAE713A8BF}) (Version: 6.9.0.1048 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-335174678-1145664534-2665916264-1000\...\{a85cbe05-cc32-4419-ad8f-7ff7bc41bc05}) (Version: 6.9.0.1048 - Viber Media Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FFA0DD2-D296-4D6F-8136-AF7A626DA0A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {3F68D8D9-B66B-41A0-8866-1775E14B1460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {438967D4-C236-431E-A748-1072A8CD3DF2} - System32\Tasks\COMODO Updater => C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09] (COMODO Security Solutions, Inc.)
Task: {4840CB63-9F6E-44AB-9E45-EACC4B96E14C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {4E58E9D3-5C64-4533-B52E-AC700907A9FF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {69D11FEC-FBA8-4FA9-938E-3178AD450E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {7DDC3EF1-FDC3-4CAB-8F96-B00B21EFD3FF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {89FFBD98-DFB8-474E-88FA-492AE376EC89} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-16] (AVAST Software)
Task: {AB1820F6-8733-45C4-91D7-DEC31BB94C69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {AB38EADA-77D6-4CF9-9AA8-BECA4E59A482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
Task: {CDCC9D84-D614-4E81-9DA4-7A847E663356} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\COMODO Updater.job => C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-16 17:09 - 2019-01-16 17:09 - 000570248 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-16 18:43 - 2019-01-16 18:43 - 005740688 _____ () C:\Program Files\AVAST Software\Avast\defs\19011602\algo.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 001793928 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 000475016 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 001030536 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-18 18:21 - 2019-01-18 18:21 - 005759632 _____ () C:\Program Files\AVAST Software\Avast\defs\19011802\algo.dll
2018-03-13 05:39 - 2018-03-13 05:39 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-09 13:08 - 2010-12-09 13:08 - 000305600 _____ () C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
2010-12-09 13:08 - 2010-12-09 13:08 - 000797632 _____ () C:\Program Files\COMODO\COMODO System-Cleaner\CSCDll.dll
2010-12-09 13:09 - 2010-12-09 13:09 - 000537536 _____ () C:\Program Files\COMODO\COMODO System-Cleaner\UtilsDll.dll
2018-08-24 18:37 - 2018-07-10 22:16 - 000148992 _____ () c:\program files\pccleaner\pccleanersvc.dll
2018-08-24 18:37 - 2018-07-10 23:34 - 000169472 _____ () c:\program files\pccleaner\PCCleanerConfig.dll
2018-08-24 18:37 - 2018-08-07 23:48 - 000296960 _____ () c:\program files\pccleaner\PlugCore.dll
2018-08-24 18:37 - 2018-08-08 00:09 - 000290816 _____ () c:\program files\pccleaner\Report.dll
2018-12-26 19:26 - 2018-12-12 05:58 - 002260960 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-26 19:26 - 2018-12-12 05:58 - 000128480 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2019-01-16 19:00 - 000000041 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-335174678-1145664534-2665916264-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ota\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 188.92.8.18 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Examiner8.0 CVB-11 32B.exe.lnk => C:\Windows\pss\Examiner8.0 CVB-11 32B.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeExaminer8.0.exe.lnk => C:\Windows\pss\FreeExaminer8.0.exe.lnk.Startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Viber => "C:\Users\ota\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E2FD2CB-A52B-4F7F-A67E-E2B2225324D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{5CDAEE7B-9C26-454B-BC48-117983E45870}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DAE3C5B7-1808-4FC7-B69E-6890734FA068}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{2E4DC489-AC06-4657-8D8C-B1FF28109489}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe (Drive The Life Co., Ltd.)
FirewallRules: [{E7C69E30-EC7C-4ED7-B05F-BF6343BD8F90}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\LDrvSvc.dll ()
FirewallRules: [{4BDF462B-FB0E-4BA8-BE4D-E12F747B4ED2}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [{4DC4668F-CA67-4E7C-A474-476E0FF1A6A1}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe (深圳市驱动人生科技股份有限公司)
FirewallRules: [TCP Query User{83712B9F-AB7D-4E06-A478-E7DFFB2980EE}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{26B15F90-FFD1-4BDA-A57C-69D324A2AF25}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{036112C1-06E9-470A-958A-3A6A2C9FAAF5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{BD51F21C-7EF1-418D-A3F7-49C39AED1B98}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{4F0919D0-5ACA-428E-9D6F-7BD15840EBA2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{AB69034E-5132-4536-B68A-0E7522051A18}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [TCP Query User{E0288DA9-FA7F-44C8-9040-9AF1613E32EE}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{4118D667-AA42-4FBD-8DEB-94CD36B90416}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5F9389D1-782F-4356-910A-69AC3C1DB69E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{43D8EB43-07EC-4453-8FC8-844A3A959EC9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{DE9C00A8-B09B-4AE6-ADD7-49A69DDE09A3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3E2F7C50-F007-48E8-89AF-3F2E8AC9129B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{A5B396DB-753F-4AA3-A04B-FF32C0D1B832}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{E3591004-D0FF-4BD3-AA5B-D102F03B988D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{CFBEC540-8839-45E7-B599-5C0243AB1A3F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

15-01-2019 21:10:25 Operace obnovení
16-01-2019 17:54:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2019 08:33:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (01/16/2019 08:33:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: sysmain.dll, verze: 6.1.7601.24000, časové razítko: 0x5a49963b
Kód výjimky: 0xc0000006
Posun chyby: 0x00015894
ID chybujícího procesu: 0x3b8
Čas spuštění chybující aplikace: 0x01d4adc78c06be9c
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: a4c1ecf8-19c5-11e9-bf5d-0016d4c089df

Error: (01/14/2019 06:11:11 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor:

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 0

Error: (01/14/2019 06:11:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_nsi, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db285
Kód výjimky: 0xc0000006
Posun chyby: 0x000645ac
ID chybujícího procesu: 0x3c4
Čas spuštění chybující aplikace: 0x01d49d3d4354b8d7
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 635c2faa-181f-11e9-bef2-0016d4c089df

Error: (01/10/2019 05:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CompatTelRunner.exe, verze: 10.0.17673.1003, časové razítko: 0x594ac7f3
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24231, časové razítko: 0x5b6db285
Kód výjimky: 0xc0000374
Posun chyby: 0x000c3bd3
ID chybujícího procesu: 0x4fc
Čas spuštění chybující aplikace: 0x01d4a83771c1ca94
Cesta k chybující aplikaci: C:\Windows\system32\CompatTelRunner.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: ee15c001-14f6-11e9-bef2-0016d4c089df

Error: (01/10/2019 05:36:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HPSF.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Runtime.InteropServices.SEHException
na Microsoft.Win32.Win32Native.RegQueryValueEx(Microsoft.Win32.SafeHandles.SafeRegistryHandle, System.String, Int32[], Int32 ByRef, Byte[], Int32 ByRef)
na Microsoft.Win32.RegistryKey.InternalGetValue(System.String, System.Object, Boolean, Boolean)
na Microsoft.Win32.RegistryKey.GetValue(System.String)
na System.Diagnostics.PerformanceMonitor.GetData(System.String)
na System.Diagnostics.PerformanceCounterLib.GetPerformanceData(System.String)
na System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
na System.Diagnostics.PerformanceCounterLib.CounterExists(System.String, System.String, Boolean ByRef)
na System.Diagnostics.PerformanceCounterLib.CounterExists(System.String, System.String, System.String)
na System.Diagnostics.PerformanceCounter.InitializeImpl()
na System.Diagnostics.PerformanceCounter..ctor(System.String, System.String, System.String, Boolean)
na System.Diagnostics.PerformanceCounter..ctor(System.String, System.String)
na HP.SupportAssistant.Engine.Utils.HPSAUtil.GetLastBootTime()
na HP.SupportAssistant.Engine.Utils.HPSAUtil.IsSystemRestarted()
na HP.SupportAssistant.HPSA_UI.App.OnStartup(System.Windows.StartupEventArgs)
na System.Windows.Application.<.ctor>b__1_0(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.DispatcherOperation.InvokeImpl()
na System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Windows.Threading.DispatcherOperation.Invoke()
na System.Windows.Threading.Dispatcher.ProcessQueue()
na System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
na MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
na MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
na System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
na System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
na System.Windows.Application.RunDispatcher(System.Object)
na System.Windows.Application.RunInternal(System.Windows.Window)
na System.Windows.Application.Run(System.Windows.Window)
na HP.SupportAssistant.HPSA_UI.App.Main()

Error: (01/05/2019 04:05:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (01/05/2019 04:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: sysmain.dll, verze: 6.1.7601.24000, časové razítko: 0x5a49963b
Kód výjimky: 0xc0000006
Posun chyby: 0x00015894
ID chybujícího procesu: 0x584
Čas spuštění chybující aplikace: 0x01d4a5001df247f8
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: 52aac0b0-10fb-11e9-bef2-0016d4c089df


System errors:
=============
Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Platforma WDF (Windows Driver Foundation) – platforma ovladače v uživatelském režimu byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Automatická konfigurace sítě WLAN byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Správce relací správce oken plochy byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Klient služby Sledování distribuovaných odkazů byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Superfetch byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Program Compatibility Assistant Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Síťová připojení byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund: Restartovat službu.

Error: (01/16/2019 08:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Sledování infračerveného přenosu byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Percentage of memory in use: 55%
Total physical RAM: 3063.43 MB
Available physical RAM: 1350.85 MB
Total Virtual: 6125.22 MB
Available Virtual: 4505.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:27.88 GB) NTFS

\\?\Volume{78df1b02-19c0-11e7-9765-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 568F41D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: requesting a preventive check, the PC is behaving suspiciously

#7 Post by Conder »

The FRST.txt log is not complete, the beginning is missing. Create the logs once more.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

tutamilan
Visitor
Posts: 100
Registered: 23 Jan 2006 13:10
Location: kamenicky senov

Re: requesting a preventive check, the PC is behaving suspiciously

#8 Post by tutamilan »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-01-2019 01
Ran by ota (administrator) on HP-PC (20-01-2019 11:07:11)
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
() C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DriveTheLife2013] => C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe [2132320 2015-07-23] (Drive The Life Co., Ltd.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2008-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2358584 2012-05-17] (Synaptics Incorporated)
HKLM\...\Run: [persistence module] => C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [222600 2019-01-16] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-335174678-1145664534-2665916264-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.92.8.18 192.168.1.1
Tcpip\..\Interfaces\{5BED7537-9AC1-4692-9D2A-E0BBF9941A2D}: [DhcpNameServer] 188.92.8.18 192.168.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8atgv8ah.default
FF ProfilePath: C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default [2019-01-18]
FF Homepage: Mozilla\Firefox\Profiles\8atgv8ah.default -> hxxps://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\8atgv8ah.default -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\sp@avast.com.xpi [2019-01-19]
FF Extension: (Avast Online Security) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\wrc@avast.com.xpi [2019-01-18]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-04]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default [2019-01-20]
CHR Extension: (Prezentace) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-12]
CHR Extension: (YouTube) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Tabulky) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Avast Online Security) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Gmail) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-335174678-1145664534-2665916264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6300272 2019-01-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-01-16] (AVAST Software)
R2 Cleaner_Validator; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [305600 2010-12-09] ()
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 LCleanerSvc; C:\Program Files\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34680 2019-01-16] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [169216 2019-01-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [187248 2019-01-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [158288 2019-01-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [255416 2019-01-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [51320 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183160 2019-01-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42928 2019-01-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40888 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [138272 2019-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101176 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72992 2019-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [785776 2019-01-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [401832 2019-01-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [163344 2019-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310400 2019-01-16] (AVAST Software)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [64608 2010-12-09] (Windows (R) Win 7 DDK provider)
R1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [33744 2010-12-09] (Windows (R) Win 7 DDK provider)
R2 drhard; C:\Windows\system32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software) [File not signed]
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 11:07 - 2019-01-20 11:08 - 000011822 _____ C:\Users\ota\Desktop\FRST.txt
2019-01-18 18:22 - 2019-01-18 18:22 - 000000000 ____D C:\Users\ota\Desktop\FRST-OlderVersion
2019-01-16 19:10 - 2019-01-16 19:10 - 007320272 _____ (Malwarebytes) C:\Users\ota\Desktop\adwcleaner_7.2.6.0.exe
2019-01-16 18:59 - 2019-01-16 18:59 - 001107968 _____ C:\Users\ota\Desktop\RSIT (1).exe
2019-01-16 18:41 - 2019-01-16 17:09 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-16 17:44 - 2018-12-15 00:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-16 17:44 - 2018-12-14 07:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-16 17:44 - 2018-12-14 07:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-16 17:44 - 2018-12-14 07:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-16 17:44 - 2018-12-14 07:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-16 17:44 - 2018-12-14 07:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-16 17:44 - 2018-12-14 07:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-16 17:44 - 2018-12-14 07:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-16 17:44 - 2018-12-14 07:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-16 17:44 - 2018-12-14 07:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-16 17:44 - 2018-12-14 07:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-16 17:44 - 2018-12-14 07:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-16 17:44 - 2018-12-14 07:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-16 17:44 - 2018-12-14 07:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-16 17:44 - 2018-12-14 07:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-16 17:44 - 2018-12-14 07:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-16 17:44 - 2018-12-14 07:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-16 17:44 - 2018-12-14 07:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-16 17:44 - 2018-12-14 07:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 17:44 - 2018-12-14 07:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-16 17:44 - 2018-12-14 07:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-16 17:44 - 2018-12-14 07:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-16 17:44 - 2018-12-14 06:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 17:44 - 2018-12-14 06:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-16 17:44 - 2018-12-14 06:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-16 17:43 - 2018-12-14 07:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-16 17:43 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-16 17:43 - 2018-12-14 07:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-16 17:22 - 2019-01-16 17:22 - 000187248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000255416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000158288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000051320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000034680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-16 17:03 - 2019-01-18 18:22 - 001787392 _____ (Farbar) C:\Users\ota\Desktop\FRST.exe
2019-01-04 19:33 - 2019-01-06 12:55 - 000000000 ____D C:\Users\ota\Downloads\The.Imitation.Game.2014.BDRip.XviD.CZ-TreZzoR
2019-01-04 19:31 - 2019-01-04 19:31 - 000020724 _____ C:\Users\ota\Downloads\[CzT]Kod_Enigmy_The_Imitation_Game_2014_CZ_.torrent
2018-12-31 22:29 - 2018-12-31 22:29 - 000018096 _____ C:\Users\ota\Downloads\[CzT]Deadpool_2_2018_CZ_.torrent
2018-12-31 21:07 - 2018-12-31 21:07 - 000000000 ____D C:\Users\ota\AppData\Local\Viber
2018-12-31 17:36 - 2018-12-31 17:36 - 000016149 _____ C:\Users\ota\Downloads\[CzT]Nejvetsi_showman_The_Greatest_Showman_2017_CZ_.torrent
2018-12-31 17:15 - 2018-12-31 17:15 - 000020433 _____ C:\Users\ota\Downloads\[CzT]Skryta_cisla_Hidden_Figures_2016_CZ_.torrent
2018-12-28 19:05 - 2018-12-28 19:05 - 000016585 _____ C:\Users\ota\Downloads\[CzT]Zulu_2013_CZ_.torrent
2018-12-26 18:43 - 2018-12-26 18:43 - 000150817 _____ C:\Users\ota\Downloads\[CzT]Odvazna_Vaiana_Legenda_o_konci_sveta_Moana_2016_CZ_.torrent
2018-12-26 18:35 - 2018-12-26 18:35 - 000019152 _____ C:\Users\ota\Downloads\[CzT]Everest_2015_CZ_.torrent

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 11:07 - 2018-02-25 07:01 - 000000000 ____D C:\FRST
2019-01-20 11:03 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-20 11:03 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-19 10:01 - 2017-12-16 10:01 - 000000446 _____ C:\Windows\Tasks\COMODO Updater.job
2019-01-19 09:42 - 2017-05-19 21:19 - 000000000 _____ C:\Windows\system32\last.dump
2019-01-18 18:58 - 2017-04-07 11:23 - 000000000 ____D C:\Users\ota\AppData\LocalLow\Mozilla
2019-01-18 18:30 - 2018-01-01 13:37 - 000138272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 19:19 - 2018-08-13 05:19 - 000000000 ____D C:\Users\ota\AppData\Local\AVAST Software
2019-01-16 19:16 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-16 19:15 - 2018-01-01 12:05 - 000018763 _____ C:\Windows\cscmondump.bin
2019-01-16 19:00 - 2018-02-24 18:04 - 000000000 ____D C:\Program Files\trend micro
2019-01-16 18:44 - 2018-01-01 13:38 - 000002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-01-16 18:32 - 2018-01-01 12:31 - 000000012 _____ C:\Windows\CSC_ActiveCleanLog.dat
2019-01-16 18:32 - 2018-01-01 12:05 - 003824842 _____ C:\Windows\CSC_ServiceDump.dat
2019-01-16 18:23 - 2017-04-05 06:41 - 001558876 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-16 18:23 - 2009-07-14 09:44 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-01-16 18:23 - 2009-07-14 09:44 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-01-16 18:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-16 18:21 - 2017-07-02 09:37 - 000000000 ____D C:\Windows\system32\MRT
2019-01-16 17:56 - 2017-07-02 09:34 - 129687688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-16 17:09 - 2018-10-22 15:22 - 000040888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000401832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000310400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000183160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000169216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000163344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000101176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000072992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000042928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 17:08 - 2018-01-01 13:37 - 000785776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-15 21:20 - 2017-04-05 06:36 - 000000000 ____D C:\Users\ota
2019-01-15 21:18 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2019-01-15 21:07 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2019-01-08 16:05 - 2017-08-13 13:54 - 000000000 ____D C:\Users\ota\Documents\ViberDownloads
2019-01-08 16:04 - 2017-08-12 14:03 - 000000000 ____D C:\Users\ota\AppData\Roaming\ViberPC
2019-01-05 15:14 - 2017-11-12 17:30 - 000000000 ____D C:\Users\ota\AppData\Roaming\uTorrent
2019-01-05 15:14 - 2017-07-02 10:10 - 000000000 ___HD C:\Users\ota\Documents\NC6400- 2013.09.09.09.19.00
2018-12-26 19:26 - 2017-08-12 13:53 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-26 19:26 - 2017-08-12 13:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-12-15 17:24 - 2017-01-12 14:56 - 021752832 _____ () C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
2017-07-01 12:06 - 2017-07-01 12:06 - 000000017 _____ () C:\Users\ota\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-16 17:53

==================== End of FRST.txt ============================

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: requesting a preventive check, PC is behaving suspiciously

#9 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe
    File: C:\Program Files\Analog Devices\Core\smax4pnp.exe
    File: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
    File: C:\Program Files\PCCleaner\PCCleanerSvc.dll
    File: C:\Windows\system32\Drivers\drhard.sys
    File: C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
    File: C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe
    Folder: C:\Windows\pss
    
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
    2019-01-16 18:59 - 2019-01-16 18:59 - 001107968 _____ C:\Users\ota\Desktop\RSIT (1).exe
    2019-01-16 19:00 - 2018-02-24 18:04 - 000000000 ____D C:\Program Files\trend micro
    2017-12-15 17:24 - 2017-01-12 14:56 - 021752832 _____ () C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
    MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Examiner8.0 CVB-11 32B.exe.lnk => C:\Windows\pss\Examiner8.0 CVB-11 32B.exe.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeExaminer8.0.exe.lnk => C:\Windows\pss\FreeExaminer8.0.exe.lnk.Startup
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a Fixlog.txt file will be on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

tutamilan
Visitor
Visitor
Posts: 100
Joined: 23 Jan 2006 13:10
Location: kamenicky senov

Re: requesting a preventive check, PC is behaving suspiciously

#10 Post by tutamilan »

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by ota (20-01-2019 19:47:20) Run:1
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe
File: C:\Program Files\Analog Devices\Core\smax4pnp.exe
File: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File: C:\Program Files\PCCleaner\PCCleanerSvc.dll
File: C:\Windows\system32\Drivers\drhard.sys
File: C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
File: C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe
Folder: C:\Windows\pss

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
2019-01-16 18:59 - 2019-01-16 18:59 - 001107968 _____ C:\Users\ota\Desktop\RSIT (1).exe
2019-01-16 19:00 - 2018-02-24 18:04 - 000000000 ____D C:\Program Files\trend micro
2017-12-15 17:24 - 2017-01-12 14:56 - 021752832 _____ () C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Examiner8.0 CVB-11 32B.exe.lnk => C:\Windows\pss\Examiner8.0 CVB-11 32B.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeExaminer8.0.exe.lnk => C:\Windows\pss\FreeExaminer8.0.exe.lnk.Startup

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 27381
Average :
Sum : 19375198795
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe ========================

C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe
File is digitally signed
MD5: 2565623F77E03264220F1117AB246BE1
Creation and modification date: 2017-07-28 13:43 - 2015-07-23 03:10
Size: 002132320
Attributes: ----A
Company Name: Drive The Life Co., Ltd.
Internal Name: DriveTheLife
Original Name: DriveTheLife.exe
Product: DriveTheLife
Description: DriveTheLife
File Version: 6, 2, 6, 114
Product Version: 6, 2, 6, 114
Copyright: Copyright (C) 2008-2015 DriveTheLife. All Rights Reserved.
VirusTotal: https://www.virustotal.com/file/0350b81 ... 527680797/

====== End of File: ======


========================= File: C:\Program Files\Analog Devices\Core\smax4pnp.exe ========================

C:\Program Files\Analog Devices\Core\smax4pnp.exe
File is digitally signed
MD5: 5616E23703DDBB615D41923D0768BE84
Creation and modification date: 2017-07-28 13:44 - 2008-04-23 17:00
Size: 001183744
Attributes: ----A
Company Name: Analog Devices, Inc.
Internal Name: SMax4PNP
Original Name: SMax4PNP.exe
Product: SMax4PNP Application
Description: SMax4PNP
File Version: 6,1,0,102
Product Version: 6,1,0,102
Copyright: Copyright © 2002-2006, Analog Devices
VirusTotal: https://www.virustotal.com/file/822196c ... 545819949/

====== End of File: ======


========================= File: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ========================

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File is digitally signed
MD5: 710C3AFDBB1F75E585A6D0CAC93B8FE2
Creation and modification date: 2017-07-28 13:45 - 2012-05-17 17:00
Size: 002358584
Attributes: ----A
Company Name: Synaptics Incorporated
Internal Name: Synaptics Enhancements Application
Original Name: SynTPEnh.exe
Product: Synaptics Pointing Device Driver
Description: Synaptics TouchPad Enhancements
File Version: 16.1.6.2 18May12
Product Version: 16.1.6.2 18May12
Copyright: Copyright (C) Synaptics Incorporated 1996-2012
VirusTotal: https://www.virustotal.com/file/b835bf5 ... 486915102/

====== End of File: ======


========================= File: C:\Program Files\PCCleaner\PCCleanerSvc.dll ========================

C:\Program Files\PCCleaner\PCCleanerSvc.dll
File not signed
MD5: 4F0F4222E3BB3756095022F4DAEA4990
Creation and modification date: 2018-08-24 18:37 - 2018-07-10 22:16
Size: 000148992
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.4
Product Version: 1.0.0.4
Copyright:
VirusTotal: https://www.virustotal.com/file/67e81da ... 547802119/

====== End of File: ======


========================= File: C:\Windows\system32\Drivers\drhard.sys ========================

C:\Windows\system32\Drivers\drhard.sys
File not signed
MD5: 0071F8825D14B16955CD0A0699AB7A6C
Creation and modification date: 2017-07-28 13:28 - 2005-12-01 09:49
Size: 000023600
Attributes: ----A
Company Name: Licensed for Gebhard Software
Internal Name: DRHARD.sys
Original Name: DRHARD.sys
Product: DRHARD Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64
Description: DRHARD Driver for Windows NT/2000/XP
File Version: 6.0
Product Version: 6.0
Copyright: EnTech Taiwan, 1997-2004
VirusTotal: https://www.virustotal.com/file/8ea0d1c ... 472555036/

====== End of File: ======


========================= File: C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe ========================

C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe
File not signed
MD5: 01B4C641F95020BA07F483787973C566
Creation and modification date: 2017-12-15 17:24 - 2017-01-12 14:56
Size: 021752832
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe ========================

C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe
File is digitally signed
MD5: 17263FE0470BB2ECF1A864DF8F6F5103
Creation and modification date: 2017-07-28 13:43 - 2017-10-17 02:21
Size: 000157360
Attributes: ----A
Company Name: 深圳市驱动人生科技股份有限公司
Internal Name: 驱动检测服务
Original Name: 驱动检测服务
Product: 驱动检测服务
Description: 驱动检测服务
File Version: 6, 0, 11, 60
Product Version: 6, 0, 11, 60
Copyright: Copyright (C) 2016 深圳市驱动人生科技股份有限公司。保留所有权利。
VirusTotal: 0

====== End of File: ======


========================= Folder: C:\Windows\pss ========================

2018-01-04 20:39 - 2018-01-04 20:27 - 000000698 ____N [2DD288AE88C4A6977B1CD61381EC7467] () C:\Windows\pss\Examiner8.0 CVB-11 32B.exe.lnk.Startup
2018-01-01 13:27 - 2017-12-15 19:29 - 000000663 ____N [D7E28639F8C299036F8843D85912925A] () C:\Windows\pss\FreeExaminer8.0.exe.lnk.Startup

====== End of Folder: ======

HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully.
C:\Users\ota\Desktop\RSIT (1).exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Examiner8.0 CVB-11 32B.exe.lnk => removed successfully.
C:\Windows\pss\Examiner8.0 CVB-11 32B.exe.lnk.Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^ota^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeExaminer8.0.exe.lnk => removed successfully.
C:\Windows\pss\FreeExaminer8.0.exe.lnk.Startup => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7554880 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 27455295 B
Edge => 0 B
Chrome => 196111988 B
Firefox => 186713420 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 30705096 B
LocalService => 0 B
NetworkService => 4488 B
ota => 295611313 B

RecycleBin => 7071714019 B
EmptyTemp: => 7.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:01:42 ====

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: requesting a preventive check, PC is behaving suspiciously

#11 Post by Conder »

:arrow: Do you know and use these programs?
  • PCCleaner
  • DriveTheLife
  • COMODO System-Cleaner
  • Scriba 3
  • TM-Soft-Examiner Installation V.8.00
:arrow: The desktop holds about 19 GB, which is too much. Move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.

:arrow: Run one more, second fixlist:

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\Program Files\DTLSoft
    Zip: C:\Program Files\PCCleaner;C:\FRST\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Hardware 2009 Second Edition_is1
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5ECA2AE-3025-4D83-BA96-94D408756495}
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TM-Soft-Examiner Installation V.8.00
    
    R2 LCleanerSvc; C:\Program Files\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
    C:\Program Files\PCCleaner
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a Fixlog.txt file will be on the desktop; copy its contents here
:arrow: A ZIP archive with the current date and time in its name should be created on the desktop; upload it, e.g. to leteckaposta.cz, and send the download link.

tutamilan
Visitor
Visitor
Posts: 100
Joined: 23 Jan 2006 13:10
Location: kamenicky senov

Re: requesting a preventive check, PC is behaving suspiciously

#12 Post by tutamilan »


Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: requesting a preventive check, PC is behaving suspiciously

#13 Post by Conder »

:arrow: Do you know and use these programs?
  • PCCleaner
  • DriveTheLife
  • COMODO System-Cleaner
  • Scriba 3
  • TM-Soft-Examiner Installation V.8.00
:arrow: Also send the latest fixlog; it should be on the desktop, or otherwise in C:\FRST\Logs.

tutamilan
Visitor
Visitor
Posts: 100
Joined: 23 Jan 2006 13:10
Location: kamenicky senov

Re: requesting a preventive check, PC is behaving suspiciously

#14 Post by tutamilan »

I don't know and don't use these two, and I can't find them in the list of programs to uninstall either: PCCleaner, DriveTheLife. I have already uninstalled the others.

tutamilan
Visitor
Visitor
Posts: 100
Joined: 23 Jan 2006 13:10
Location: kamenicky senov

Re: requesting a preventive check, PC is behaving suspiciously

#15 Post by tutamilan »

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by ota (22-01-2019 17:47:11) Run:2
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Program Files\DTLSoft
Zip: C:\Program Files\PCCleaner;C:\FRST\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Hardware 2009 Second Edition_is1
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5ECA2AE-3025-4D83-BA96-94D408756495}
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TM-Soft-Examiner Installation V.8.00

R2 LCleanerSvc; C:\Program Files\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
C:\Program Files\PCCleaner

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\Program Files\DTLSoft ========================

2017-07-28 13:43 - 2017-10-30 12:24 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife
2017-07-28 13:43 - 2017-10-17 02:21 - 000927920 ____A [63C38401CC3251FE1C0B8669E277860D] (Igor Pavlov) C:\Program Files\DTLSoft\DriveTheLife\7z.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000187232 ____A [409CEDCFADACC4C97338A4DF7937755C] () C:\Program Files\DTLSoft\DriveTheLife\appconfig.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000122032 ____A [F78CAADAB7FCE3FC5EFD993301F79E34] () C:\Program Files\DTLSoft\DriveTheLife\bios.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000191664 ____A [F53D9D7270234462A58FF8299E2D3CA3] () C:\Program Files\DTLSoft\DriveTheLife\CrashCatch.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000339120 ____A [5B65BB23680ECEFA0E9A9AAC63C3FBAE] () C:\Program Files\DTLSoft\DriveTheLife\CrashReport.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000017584 ____A [3D1A528C281098DC18934F7801E849FE] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\detoured.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000122544 ____A [E8A247DD437B1EA814705C459809A859] () C:\Program Files\DTLSoft\DriveTheLife\DevCfg.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000329904 ____A [A4E24C9C5B5B008C00E25F7641C154DC] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\DIFxAPI.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 003456176 ____A [FFF56185AD004F8E7F6BB725072614FC] (OSToto Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\DriverTalent.exe
2017-07-28 13:43 - 2015-07-23 03:10 - 002132320 ____A [2565623F77E03264220F1117AB246BE1] (Drive The Life Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000250032 ____A [1CEB4C70F015F3BF4FAB129E1C015C8F] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\DrvAllRepair.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000234672 ____A [C0968122F4C5DBC1ACFD9424FF2D194C] () C:\Program Files\DTLSoft\DriveTheLife\drvbak.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000220848 ____A [B508BC551C4CC379DF6634FA2B6C14A2] () C:\Program Files\DTLSoft\DriveTheLife\drvget.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000402096 ____A [01D805E0BC84F8C83225004803DCB5FA] () C:\Program Files\DTLSoft\DriveTheLife\drvcheck.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000246960 ____A [5D5723F8203BD2E14687122897B021DE] () C:\Program Files\DTLSoft\DriveTheLife\drvsrc.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000111280 ____A [BA14DAC1363E4932E80827A35EDD6C99] () C:\Program Files\DTLSoft\DriveTheLife\dstudp.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 001410736 ____A [700ED4D46E1B0204223B7F8E059833F1] () C:\Program Files\DTLSoft\DriveTheLife\DTInstUI.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000571056 ____A [B59B670C60F6F97774CF921CF8882F9B] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\DTLAutoSetup.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000084832 ____A [CFB89493C2E23594ABC9BBBBFF55F637] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\dtlconfig.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000183648 ____A [0D2855D6FEE47960CC0FF151A89B3042] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\DtlCrashCatch.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000332152 ____A [0DE2E66820C94E2DE33C1D1C9A9B8265] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\DtlCrashReport.exe
2017-07-28 13:43 - 2015-07-23 03:10 - 000384864 ____A [CD1C7E6C744078E49EA4B5DDD0AE85BE] () C:\Program Files\DTLSoft\DriveTheLife\dtldrvcheck.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 001299120 ____A [DFBE5A884EDC7D5DFA449C90F664ACB8] () C:\Program Files\DTLSoft\DriveTheLife\DTLDrvUninst.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000225632 ____A [01C173F54B1254EB8FD483E2FFFF70B2] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\DtlNetDevice.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000169648 ____A [478338BC9267B203A458B131C4221D0D] () C:\Program Files\DTLSoft\DriveTheLife\DtlPlug.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000157360 ____A [17263FE0470BB2ECF1A864DF8F6F5103] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000095408 ____A [DC7A6B7C065C9E4EE9F7E758656491AD] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\DTLSubmit.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000877744 ____A [F7C49FDCBBC4BDB7F51621ED749C9B99] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\DTLUI.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000102064 ____A [ABB17E33C7029EC9C2F89C135E184F2F] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\DTLUpdate.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000253104 ____A [C4730D9CD4ABD6D757E0C803CE9DEC23] () C:\Program Files\DTLSoft\DriveTheLife\feedback.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000606896 ____A [FD39AD5ACD74B6BC9A72E76AC47A3CB4] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\gzipdll.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000780976 ____A [7BFFD63BB19A5E1A173D18280E47224B] (OSToto Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\HardWare.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000208048 ____A [5BD1041AC26625AB617F2A19B6C09485] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\InfDrvSetup.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000000032 ____A [ECAF6C3866DC1E1E55C78262D3974396] () C:\Program Files\DTLSoft\DriveTheLife\key.dat
2017-07-28 13:43 - 2015-07-23 03:10 - 000195824 ____A [DEF2B5511421F727881D38F5D4618226] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\LDrvPro64.sys
2017-07-28 13:43 - 2017-10-17 02:21 - 000168112 ____A [DB7133E276244E3B6727AC821B1C9D07] () C:\Program Files\DTLSoft\DriveTheLife\LDrvProCtrl.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000186544 ____A [2000C030E4A538A67FC3F541EF76B83D] () C:\Program Files\DTLSoft\DriveTheLife\LDrvSvc.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000341680 ____A [777B4685716D65930DF7B564D2EAFDB8] (The cURL library, http://curl.haxx.se/) C:\Program Files\DTLSoft\DriveTheLife\libcurl.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000203952 ____A [6940055B1011D30BE4FB67A56139FA3E] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\MonReboot.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000265568 ____A [83C4B672F23A61E6E16A6039A412C30F] (深圳市驱动人生软件技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\NetDrvCore.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000287920 ____A [DA63D4F39D6ADF32911CB5C124352E44] () C:\Program Files\DTLSoft\DriveTheLife\netprtdrv.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000233648 ____A [379AFC83947BB83D9F8191AD7DF7A2A0] () C:\Program Files\DTLSoft\DriveTheLife\netprtenum.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000186544 ____A [8AAF4FAF11FB0E8AAE1627DD921A7F8E] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\p2spd.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000134320 ____A [3EDF68532D97A7AB8EC9470B07178709] () C:\Program Files\DTLSoft\DriveTheLife\pcid.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000318640 ____A [B39683C360395E23615ACD97A5503D6F] () C:\Program Files\DTLSoft\DriveTheLife\pcidetect.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 001092784 ____A [7919384C8AA781E29B5A92F43C7ABA55] () C:\Program Files\DTLSoft\DriveTheLife\pcidrv.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000812208 ____A [320CCC4B3392527031C3782A941E0BD7] () C:\Program Files\DTLSoft\DriveTheLife\pcioffdrv.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000547504 ____A [8E5DDD543FD07A8836FB1C96BD88E3F0] () C:\Program Files\DTLSoft\DriveTheLife\PCRepair.exe
2017-10-19 15:18 - 2017-10-17 02:21 - 000209072 ____A [BC988A60509EA0C4C758B234CBCB6A6E] () C:\Program Files\DTLSoft\DriveTheLife\PCRepairCore.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000171696 ____A [396640F956CEDCF3ABE7225F5B982EBC] () C:\Program Files\DTLSoft\DriveTheLife\PCRepairLogic.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000294064 ____A [170D04B34FB645A933F15F3495C2CA99] () C:\Program Files\DTLSoft\DriveTheLife\pnpdrv.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000157360 ____A [4D9B19F61F6CF42E7E87E3EBF6E5EF18] () C:\Program Files\DTLSoft\DriveTheLife\sqlcache.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000616624 ____A [54DC22B3E5D00C4991E1206A501ACBF9] () C:\Program Files\DTLSoft\DriveTheLife\sqlite3.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000169648 ____A [7B7EB26E045FEDDB95B88E6B35AC6BBC] () C:\Program Files\DTLSoft\DriveTheLife\substat.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000594096 ____A [7EC27203FBAD3ED0ACBB7DB6F547E7F5] (OSToto Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\TrayTool.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000123568 ____A [BB653FBC2BCD6C1404A3440FB1C32AE7] () C:\Program Files\DTLSoft\DriveTheLife\udp.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000001487 ____A [91B2AD4A9288F571C77115D94D0EFFC5] () C:\Program Files\DTLSoft\DriveTheLife\Uninst.dar0
2017-07-28 13:43 - 2017-10-17 02:21 - 000022387 ____A [3027343BBC5549BA9F91BEF7900D3DA3] () C:\Program Files\DTLSoft\DriveTheLife\Uninst.dar1
2017-07-28 13:43 - 2017-10-17 02:21 - 000146608 ____A [DF102B38D7DF7E5A2FD2DC38AE98696E] () C:\Program Files\DTLSoft\DriveTheLife\uninst.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000445104 ____A [32E3365ACA13F58A88D95EB7B1E17BA0] () C:\Program Files\DTLSoft\DriveTheLife\uninstall.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000532584 ____A [9C349E8EA6EC53370DFE6AD472C852C1] (OSToto Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\Uninstall.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000160944 ____A [284CCA3B2BD4C78AB72B0A06D9593E4D] () C:\Program Files\DTLSoft\DriveTheLife\usbenum.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000755888 ____A [49B91722D0CEECCB23B5F1A3C1D85157] (OSToto Co., Ltd.) C:\Program Files\DTLSoft\DriveTheLife\UserFeedback.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000251056 ____A [7369C33AFFC709CB669EE93BD6BA3DA0] (深圳市迅雷网络技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\xldl.dll
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\Autosetup
2017-07-28 13:43 - 2015-07-23 03:10 - 000000478 ____A [E82C20C1B43F9B24276E7813F4AF3205] () C:\Program Files\DTLSoft\DriveTheLife\Autosetup\filter.proc
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\download
2017-07-28 13:43 - 2017-10-17 02:21 - 000089600 ____A [79CB6457C81ADA9EB7F2087CE799AAA7] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\download\atl71.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000092080 ____A [DBA9A19752B52943A0850A7E19AC600A] (ShenZhen Xunlei Networking Technologies,LTD) C:\Program Files\DTLSoft\DriveTheLife\download\dl_peer_id.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 003398088 ____A [4F71AD4FBE7B77FCD7471C1F57DD5A18] (Thunder Networking Technologies,LTD) C:\Program Files\DTLSoft\DriveTheLife\download\download_engine.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000000022 ____A [BBFA50E8995513D08BD6AF543CAB22ED] () C:\Program Files\DTLSoft\DriveTheLife\download\id.dat
2017-07-28 13:43 - 2015-07-23 03:10 - 000248264 ____A [34444DC623DA1EE6E4D8520F6F9F1907] (深圳市迅雷网络技术有限公司) C:\Program Files\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000019968 ____A [7FD4F79ACA0B09FD3A60841A47CA96E7] () C:\Program Files\DTLSoft\DriveTheLife\download\minizip.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000499712 ____A [561FA2ABB31DFA8FAB762145F81667C2] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\download\msvcp71.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000355032 ____A [11316988DB0E63468529BEFF50ECCDBE] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\download\msvcr71.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000100808 ____A [92154E720998ACB6FA0F7BAD63309470] () C:\Program Files\DTLSoft\DriveTheLife\download\XLBugHandler.dll
2017-07-28 13:43 - 2015-07-23 03:10 - 000248264 ____A [67C767470D0893C4A2E46BE84C9AFCBB] () C:\Program Files\DTLSoft\DriveTheLife\download\XLBugReport.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000059904 ____A [89F6488524EAA3E5A66C5F34F3B92405] () C:\Program Files\DTLSoft\DriveTheLife\download\zlib1.dll
2017-07-28 13:43 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\drv64
2017-07-28 13:43 - 2017-10-17 02:21 - 000135344 ____A [E5991CD653BD94C9AEC625C45B7F2466] () C:\Program Files\DTLSoft\DriveTheLife\drv64\dev32.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000156848 ____A [ED2A302E85D58105B0BC2393216E8714] () C:\Program Files\DTLSoft\DriveTheLife\drv64\dev64.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000525488 ____A [8622818FF0C4F677A7D78DE241C7724A] (Microsoft Corporation) C:\Program Files\DTLSoft\DriveTheLife\drv64\DIFxAPI.dll
2017-07-28 13:43 - 2017-10-17 02:21 - 000102576 ____A [DEC7DDB4658B1E43CC1A23B9CB3DF85A] () C:\Program Files\DTLSoft\DriveTheLife\drv64\drv32_usb.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000200368 ____A [8B3AEF472D0699EA5A6529A5A98E2B42] () C:\Program Files\DTLSoft\DriveTheLife\drv64\drv64.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000109232 ____A [619D2B29B66D6DA1539320160E0C4ACD] () C:\Program Files\DTLSoft\DriveTheLife\drv64\drv64_usb.exe
2017-10-19 15:18 - 2017-10-17 02:21 - 000159408 ____A [5771109164D80F47C126F6171A31DDEA] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\drv64\DrvSigner.exe
2017-10-19 15:18 - 2017-10-17 02:21 - 000176304 ____A [16D73E3479138FC8B38045250830B0C0] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\drv64\DrvSigner64.exe
2017-10-19 15:18 - 2017-10-17 02:21 - 000173232 ____A [CF573DC25EABB37BD36F6E4020A41C04] (深圳市驱动人生科技股份有限公司) C:\Program Files\DTLSoft\DriveTheLife\drv64\SignFile.exe
2017-07-28 13:43 - 2017-10-17 02:21 - 000000628 ____A [22FCC6204946A96F0CF51C1B8B9A42CA] () C:\Program Files\DTLSoft\DriveTheLife\drv64\wndautodata.xml
2017-07-28 13:43 - 2017-10-17 02:21 - 000001055 ____A [089B085D5BBA4E4F276F58321043131F] () C:\Program Files\DTLSoft\DriveTheLife\drv64\wndconfigdata.xml
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\Dtlconfig
2017-07-28 13:43 - 2015-07-23 03:10 - 000006962 ____A [853F04E3193A0DCDBA143097219D0694] () C:\Program Files\DTLSoft\DriveTheLife\Dtlconfig\DtlSetup.xml
2017-07-28 13:43 - 2015-07-23 03:10 - 000005455 ____A [784A7AD30283CF6CD3D041D45BB85FC9] () C:\Program Files\DTLSoft\DriveTheLife\Dtlconfig\unsetup.xml
2017-07-28 13:43 - 2017-07-28 13:43 - 000000212 ____A [EEE29B16D69E21EF341893BD28635F54] () C:\Program Files\DTLSoft\DriveTheLife\Dtlconfig\userconfig.dat
2017-07-28 13:43 - 2015-07-23 03:10 - 000000864 ____A [C762F7C1D207898114B0202D12948504] () C:\Program Files\DTLSoft\DriveTheLife\Dtlconfig\wndconfigdata.xml
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0
2017-07-28 13:43 - 2015-07-23 03:10 - 000064066 ____A [6C74B0BA2F131FA6DB62C931E456248A] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv0.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000035526 ____A [506B7522B4872579277A6F571F23D0E5] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv1.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000035513 ____A [24A79127D1675E62BC4C26B106DE6D3E] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv2.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000029600 ____A [AFBAE03D010FDFEE687A893A1170DA84] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv3.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000031875 ____A [F2EB96090A1B9EFF43ABADA375969B2D] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv4.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000029602 ____A [13470F6C1A267FB61D4F159C980AD147] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv5.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000035375 ____A [04C090729A5C8F1FEEDED680F6E28D74] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv0\drv6.7zz
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv1
2017-07-28 13:43 - 2015-07-23 03:10 - 000126095 ____A [12C1E2C2339A7D3FB332343D50660604] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv1\drv0.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000145334 ____A [5045B9F2D02EB3ACE49FDD5FDBACE267] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv1\drv1.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000130677 ____A [2829D20449C6549EF99B88AB0481DCBA] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv1\drv2.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000150970 ____A [835059FE1EBB8289754E19E4A06870D5] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv1\drv3.7zz
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv2
2017-07-28 13:43 - 2015-07-23 03:10 - 000149181 ____A [9BE7A16C4761DF4B1075650BBC2002F4] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv2\drv0.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000175800 ____A [BBFBC99F3E35F8A4D9F4CFF653F44267] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv2\drv1.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000148313 ____A [7A1FE783B83010E9DA9FCA3061BCA6DC] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv2\drv2.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000175825 ____A [979B89445E580CB83F65798304B0AA2F] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv2\drv3.7zz
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3
2017-07-28 13:43 - 2015-07-23 03:10 - 000035201 ____A [0606F4851BA5EF3BF2BECE8F87016131] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv0.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000050958 ____A [D51ADF77D590D7790E12573EB80D5898] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv1.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000063574 ____A [CCA9640B727136ABBD992C9AAE96A4E0] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv2.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000059567 ____A [6AAE495886622EBA0FD4F670F1873ED1] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv3.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000075348 ____A [A729DEAAEEC098115E24D68D4358A04F] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv4.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000059484 ____A [336A25FB94DF409DF56CF3C0198E7825] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv5.7zz
2017-07-28 13:43 - 2015-07-23 03:10 - 000072860 ____A [EB57352113456CF6949AF93965C43255] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\dtldrv3\drv6.7zz
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win7_x64
2017-07-28 13:43 - 2015-07-23 03:10 - 000009180 ____A [4F64B56B9FB2C268C053950F0BCBC46F] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win7_x64\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win7_x86
2017-07-28 13:43 - 2015-07-23 03:10 - 000009172 ____A [0FB1D81DE8887A441F00B7E92F83E076] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win7_x86\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8.1_x64
2017-07-28 13:43 - 2015-07-23 03:10 - 000024704 ____A [0A2FB89EC20A168AAF7622A33B2579D5] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8.1_x64\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8.1_x86
2017-07-28 13:43 - 2015-07-23 03:10 - 000024696 ____A [C7C4B49E65BBC328EE4AE700689EDF58] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8.1_x86\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8_x64
2017-07-28 13:43 - 2015-07-23 03:10 - 000019574 ____A [3EA185FDC8EA02EA9822361F084CB390] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8_x64\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8_x86
2017-07-28 13:43 - 2015-07-23 03:10 - 000019566 ____A [92EED2FB19C708AF1EB2F1236F1E9A04] () C:\Program Files\DTLSoft\DriveTheLife\dtldrv\wdmaudio\win8_x86\wdmaudio.inf
2017-07-28 13:43 - 2017-07-28 13:43 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\DTLPlugs
2017-07-28 13:43 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\DTLUpdater
2017-07-28 13:43 - 2015-07-23 03:10 - 000537448 ____A [63B4E12E3FB694209FDE965BB5C3F154] () C:\Program Files\DTLSoft\DriveTheLife\DTLUpdater\DTLUpg.exe
2017-07-28 13:43 - 2015-07-23 03:10 - 000254824 ____A [2CA719486EBD921B6BA142DF2ABD0690] () C:\Program Files\DTLSoft\DriveTheLife\DTLUpdater\CheckUpdate.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000026696 ____A [421EF99A31604C26C182CB106D538764] () C:\Program Files\DTLSoft\DriveTheLife\DTLUpdater\update.xml
2017-10-19 15:09 - 2017-10-17 02:21 - 000026696 ____A [421EF99A31604C26C182CB106D538764] () C:\Program Files\DTLSoft\DriveTheLife\DTLUpdater\update.xml.cfg
2017-10-19 15:18 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\HardWare
2017-10-19 15:18 - 2017-10-17 02:21 - 000003260 ____A [6C592886D877E2CE7853ADD5A13D0828] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\VR_INFO.xml
2017-10-19 15:18 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\HWInfo
2017-10-19 15:18 - 2017-10-17 02:21 - 001405104 ____A [A2F469A529A3A818C005F0719445D635] (CPUID) C:\Program Files\DTLSoft\DriveTheLife\HardWare\HWInfo\cpuidsdk.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 001681072 ____A [3C35D3286948EF6E21AD1F8FB3DBFA57] (CPUID) C:\Program Files\DTLSoft\DriveTheLife\HardWare\HWInfo\cpuidsdk64.dll
2017-10-19 15:18 - 2017-10-17 02:21 - 000136192 ____A [C0090C1900DA6A4BE96A9F49225215F5] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\HWInfo\DeviceManuf.db3
2017-10-19 15:18 - 2017-10-17 02:21 - 001312944 ____A [EF8F856B32D5F8A09C1637C7468A7E7E] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\HWInfo\HardwareInfo.dll
2017-10-19 15:18 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan
2017-10-19 15:18 - 2017-10-17 02:21 - 000003416 ____A [FF6B249EC828C4D92AD9A31259AE81FA] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003460 ____A [A8C18D4C3532DD4A9176D3D338A5AD18] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_arabic.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003698 ____A [66A9B159B4326E0C4F5096FFB4F53F21] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_armenian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003702 ____A [B7512F09475FFA88EB2CC15876F01DD1] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_french.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003618 ____A [4BBDF525590667064DA503CD5F609E2E] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_german.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003010 ____A [C994DFC0744C8A9534BB4846A8B31CA8] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_japanese.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003624 ____A [FCC4FD04261E225B8EC7DF17FBEDB10C] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_portuguese.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003612 ____A [F1F65CCB40453075379CFBE84B7771E6] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_russian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003726 ____A [B51F3151EDC69323F8A6103C0AAA40B4] () C:\Program Files\DTLSoft\DriveTheLife\HardWare\lan\language_HardWare_spanish.ini
2017-07-28 13:43 - 2017-10-19 15:18 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\lan
2017-10-19 15:18 - 2017-10-17 02:21 - 000086506 ____A [691AEEA95105775CD8F897A3EB190E23] () C:\Program Files\DTLSoft\DriveTheLife\lan\arabic.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000109604 ____A [956C50AE2EF02C051363E4AF8F9272C3] () C:\Program Files\DTLSoft\DriveTheLife\lan\armenian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000096616 ____A [C6270488A976F4B0441165282132852D] () C:\Program Files\DTLSoft\DriveTheLife\lan\bulgarian.ini
2017-07-28 13:43 - 2017-10-17 02:21 - 000093532 ____A [4CE2BE89DDD13DF46A38B4B944019EF5] () C:\Program Files\DTLSoft\DriveTheLife\lan\english.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000114686 ____A [19496260705ED051E0912D3C4E679CC5] () C:\Program Files\DTLSoft\DriveTheLife\lan\french.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000115978 ____A [08BD1895CD26F12444398DCD02D2CECE] () C:\Program Files\DTLSoft\DriveTheLife\lan\german.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000101280 ____A [8928BBE1722F340D0E51249639B86B0C] () C:\Program Files\DTLSoft\DriveTheLife\lan\greek.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000073664 ____A [1CC95C53AF5BAD0B4ECDB15443357895] () C:\Program Files\DTLSoft\DriveTheLife\lan\japanese.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000001632 ____A [D93A68C92085982781A151C68D9CD09E] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004086 ____A [141B0671BEB944547962C61F9F193E32] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_arabic.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004046 ____A [720B56E73D738F1BE63671E5D990BD54] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_armenian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004310 ____A [E8D99032AD58BE267F26D6A5435D99BB] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_bulgarian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004510 ____A [E138676242290E688D45138C1FED8375] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_french.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004442 ____A [58F0AF2E44B0ADE6532A7C70423C5E98] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_german.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003548 ____A [38F31E3339B04F440D229EB9AEFEE002] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_greek.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000003514 ____A [34F0CF35619C4C1E789F13EC56B40E94] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_japanese.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004238 ____A [D911E3DDE03B83DABAB6ADA11EA52C06] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_polish.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004628 ____A [0C32F27DFA8063C6DDB84467656DB147] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_portuguese.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004430 ____A [F8FFA4A4F367ACBBDFF9F32DC2B60BE5] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_russian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004544 ____A [85FDDDBFBA32D2F1C2787EC4F777755A] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_spanish.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000004334 ____A [8B06126AF09003244E2D61E8AC6D4AA2] () C:\Program Files\DTLSoft\DriveTheLife\lan\language_UserFeedBack_turkish.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000097852 ____A [5D7F5032F64BE73F49AFA0430F45501B] () C:\Program Files\DTLSoft\DriveTheLife\lan\polish.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000111198 ____A [E916CDA0C9EA4CE69E8988C94A0D2F26] () C:\Program Files\DTLSoft\DriveTheLife\lan\portuguese.ini
2017-07-28 13:43 - 2017-10-17 02:21 - 000000852 ____A [5C83F6C6208BA03F3AD85D21D9EC38A1] () C:\Program Files\DTLSoft\DriveTheLife\lan\readme.txt
2017-10-19 15:18 - 2017-10-17 02:21 - 000112182 ____A [D2AE6FBF7AED38980F040DA5A1393643] () C:\Program Files\DTLSoft\DriveTheLife\lan\russian.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000097350 ____A [C3516A2028B60F2CFFB239E019A63761] () C:\Program Files\DTLSoft\DriveTheLife\lan\spanish.ini
2017-10-19 15:18 - 2017-10-17 02:21 - 000000865 ____A [3B519BD9C697308ECC4B618F0639B563] () C:\Program Files\DTLSoft\DriveTheLife\lan\systemlan.xml
2017-10-19 15:18 - 2017-10-17 02:21 - 000093196 ____A [F4E6AC6A2D030911DDFD8B7EC5095BA2] () C:\Program Files\DTLSoft\DriveTheLife\lan\turkish.ini
2017-07-28 13:43 - 2017-07-28 13:43 - 000000040 ____A [F6FC0C76E8585A896F988EB4C70EEA9F] () C:\Program Files\DTLSoft\DriveTheLife\lan\UserConfig.dat
2017-10-19 15:18 - 2018-08-24 18:36 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\updater
2017-10-19 15:18 - 2017-10-17 02:21 - 000263344 ____A [12805C590A92C298590D6A1EE30AB0A1] () C:\Program Files\DTLSoft\DriveTheLife\updater\CheckUpdate.dll
2017-10-30 12:25 - 2017-10-17 02:15 - 000026812 ____A [1101207CC1F1D7841E3F7A97272B9220] () C:\Program Files\DTLSoft\DriveTheLife\updater\update.xml
2017-10-30 12:24 - 2017-10-17 02:15 - 000026812 ____A [1101207CC1F1D7841E3F7A97272B9220] () C:\Program Files\DTLSoft\DriveTheLife\updater\update.xml.cfg
2017-10-19 15:18 - 2017-10-17 02:21 - 000545968 ____A [769FA71C956F2B457A1E49E777A08679] () C:\Program Files\DTLSoft\DriveTheLife\updater\Upg.exe
2018-08-24 18:36 - 2018-08-24 18:38 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\DTLSoft\DriveTheLife\updater\ctrlf

====== End of Folder: ======

================== Zip: ===================
C:\Program Files\PCCleaner -> copied successfully to C:\Users\ota\Desktop\22.01.2019_17.48.28.zip
"C:\FRST\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD" -> not found
=========== Zip: End ===========
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Hardware 2009 Second Edition_is1]
"Inno Setup: Setup Version"="5.1.5"
"Inno Setup: App Path"="C:\Program Files\Dr. Hardware 2009 english"
"InstallLocation"="C:\Program Files\Dr. Hardware 2009 english\"
"Inno Setup: Icon Group"="Dr. Hardware 2009 english"
"Inno Setup: User"="ota"
"Inno Setup: Selected Tasks"="desktopicon"
"Inno Setup: Deselected Tasks"="quicklaunchicon"
"DisplayName"="Dr. Hardware 2009 9.9.2e"
"UninstallString"=""C:\Program Files\Dr. Hardware 2009 english\unins000.exe""
"QuietUninstallString"=""C:\Program Files\Dr. Hardware 2009 english\unins000.exe" /SILENT"
"Publisher"="Peter A. Gebhard"
"URLInfoAbout"="http://www.dr-hardware.com/"
"HelpLink"="http://www.dr-hardware.com/"
"URLUpdateInfo"="http://www.dr-hardware.com/"
"NoModify"="1"
"NoRepair"="1"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5ECA2AE-3025-4D83-BA96-94D408756495}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="3.6.0.8"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20171128"
"InstallLocation"="C:\Program Files\Electrox\Scriba 3\"
"InstallSource"="C:\Users\ota\AppData\Local\Downloaded Installations\{D3527BF6-D2A9-4B42-B739-6C40DEB9725F}\"
"ModifyPath"="MsiExec.exe /I{C5ECA2AE-3025-4D83-BA96-94D408756495}"
"Publisher"="Electrox"
"Readme"=""
"Size"=""
"EstimatedSize"="25169"
"UninstallString"="MsiExec.exe /I{C5ECA2AE-3025-4D83-BA96-94D408756495}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="3"
"VersionMinor"="6"
"WindowsInstaller"="1"
"Version"="50724864"
"Language"="1033"
"DisplayName"="Scriba 3"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TM-Soft-Examiner Installation V.8.00]
"DisplayIcon"="C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe"
"DisplayName"="TM-Soft-Examiner Installation V.8.00"
"Publisher"="TM-Soft"
"UninstallString"="C:\Users\ota\AppData\Roaming\TMS-UnInstall.exe "c:\Examin\Examiner_V.8.00_UnInstall.Log""

=== End of ExportKey ===
LCleanerSvc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\LCleanerSvc => removed successfully.
LCleanerSvc => service removed successfully.
C:\Program Files\PCCleaner => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11540872 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 851 B
Edge => 0 B
Chrome => 11522694 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 7676274 B
LocalService => 0 B
NetworkService => 888 B
ota => 3970424 B

RecycleBin => 0 B
EmptyTemp: => 41.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:49:14 ====

Locked