Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu z NTB

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Odpovědět
Zpráva
Autor
vendelin.v
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 44
Registrován: 15 pro 2005 13:06
Bydliště: Praha 5

Prosím o kontrolu logu z NTB

#1 Příspěvek od vendelin.v »

Dobrý den,
prosím o kontrolu logu mého otce, údajně se značně zpomalil.
Předem děkuji

Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by Tomas (administrator) on TOMAS-HP (22-05-2017 19:14:34)
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas (Available Profiles: Tomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Communications)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-02-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e76d-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e776-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {f50ad406-0544-11e4-b49b-d0df9a94cccd} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-11-10] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7146ADCB-B646-4620-9085-DBCE97F2504B}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7891CC5F-B1B0-4404-9CD8-3C8A66662E43}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {3A6E7F6C-4C02-4983-913D-D73E9BEBC71B} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-23] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF DefaultProfile: wczb2c60.default
FF ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default [2017-05-22]
FF Homepage: Mozilla\Firefox\Profiles\wczb2c60.default -> hxxps://www.seznam.cz/
FF Extension: (Avast SafePrice) - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default\Extensions\sp@avast.com.xpi [2017-05-14]
FF Extension: (Avast Online Security) - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default\Extensions\wrc@avast.com.xpi [2017-05-14]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (Disk Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (Avast SafePrice) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-13]
CHR Extension: (Tabulky Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Avast Online Security) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-13]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-14] (AVAST Software s.r.o.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [190256 2017-05-14] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334576 2017-05-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [49016 2017-05-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32600 2017-05-14] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [158880 2017-05-14] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
S3 AVerAF35; C:\windows\System32\Drivers\AVerAF35.sys [804992 2013-06-05] (AVerMedia TECHNOLOGIES, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 19:14 - 2017-05-22 19:15 - 00023689 _____ C:\Users\Tomas\Desktop\FRST.txt
2017-05-22 19:13 - 2017-05-22 19:14 - 00000000 ____D C:\FRST
2017-05-22 19:13 - 2017-05-22 19:13 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-22 19:11 - 2017-05-22 19:11 - 02429952 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2017-05-22 18:36 - 2017-05-22 18:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-22 18:34 - 2017-05-22 18:35 - 09548112 _____ (Piriform Ltd) C:\Users\Tomas\Downloads\ccsetup530.exe
2017-05-15 14:03 - 2017-05-15 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-15 14:03 - 2017-05-15 14:03 - 00000000 ____D C:\Program Files\7-Zip
2017-05-14 09:01 - 2017-05-14 15:07 - 00004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-05-14 09:01 - 2017-05-14 09:01 - 00400456 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-05-14 09:01 - 2017-05-14 09:00 - 00334576 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00311808 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00190256 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00049016 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-04-22 10:30 - 2017-05-15 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-22 10:30 - 2017-04-22 10:30 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-04-22 10:29 - 2017-04-22 10:29 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 18:52 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-22 18:52 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-22 18:48 - 2016-12-10 14:26 - 00000000 ____D C:\Users\Tomas\AppData\LocalLow\Mozilla
2017-05-22 18:47 - 2011-05-10 22:10 - 00000000 ____D C:\ProgramData\PDFC
2017-05-22 18:45 - 2014-02-01 13:57 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-05-22 18:45 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-22 18:42 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2017-05-22 18:38 - 2015-08-10 20:29 - 00000000 ____D C:\Program Files\CCleaner
2017-05-22 18:38 - 2013-10-23 08:22 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E898E06D-9F0D-410F-B965-E53739C916AE}
2017-05-22 18:37 - 2013-12-23 10:32 - 00000000 ____D C:\Users\Tomas\AppData\Local\CrashDumps
2017-05-20 14:56 - 2015-08-15 11:41 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-19 21:15 - 2016-12-10 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-19 21:15 - 2015-08-16 10:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-18 11:59 - 2016-09-12 18:59 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-18 11:59 - 2016-09-12 18:59 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-18 11:59 - 2013-10-23 09:36 - 00004396 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-05-18 11:58 - 2013-10-23 09:36 - 00803320 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-05-18 11:58 - 2013-10-23 09:36 - 00144888 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-18 11:58 - 2013-10-23 09:36 - 00000000 ____D C:\windows\system32\Macromed
2017-05-18 11:58 - 2011-05-10 22:11 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-05-18 11:55 - 2017-02-26 18:09 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForTomas
2017-05-18 11:55 - 2016-11-08 20:44 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForTomas.job
2017-05-18 11:54 - 2013-11-24 15:29 - 00007602 _____ C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2017-05-14 15:06 - 2015-12-19 17:55 - 00000000 ____D C:\temp
2017-05-14 15:00 - 2016-04-01 05:58 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1459483105
2017-05-14 14:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-14 09:03 - 2015-08-15 11:46 - 00158880 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00569192 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00339696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00158368 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys.149474539450802
2017-05-14 09:01 - 2015-08-15 11:46 - 00128648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00101152 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-05-14 09:00 - 2016-04-01 05:55 - 00032600 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-05-14 09:00 - 2015-08-15 11:46 - 01007160 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-05-13 22:56 - 2014-07-04 21:33 - 00000000 ____D C:\Program Files (x86)\O2 Mobilni internet
2017-05-13 21:51 - 2014-12-25 10:43 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-13 13:43 - 2014-02-01 12:57 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-03 18:12 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-05-02 17:51 - 2016-09-12 18:58 - 00003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:51 - 2016-09-12 18:58 - 00003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 10:28 - 2013-10-23 09:40 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2013-10-23 00:12 - 2015-08-10 21:19 - 0100464 _____ () C:\Users\Tomas\AppData\Roaming\QWInstall.log
2015-02-21 17:28 - 2015-10-25 12:57 - 0033134 _____ () C:\Users\Tomas\AppData\Roaming\UserTile.png
2013-11-24 15:29 - 2017-05-18 11:54 - 0007602 _____ () C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2015-12-25 14:53 - 2015-12-25 14:53 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-30 18:59

==================== End of FRST.txt =================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu z NTB

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

vendelin.v
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 44
Registrován: 15 pro 2005 13:06
Bydliště: Praha 5

Re: Prosím o kontrolu logu z NTB

#3 Příspěvek od vendelin.v »

Zde je log:

# AdwCleaner v6.047 - Log vytvořen 22/05/2017 v 20:15:28
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-05-22.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Tomas - TOMAS-HP
# Spuštěno z : C:\Users\Tomas\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1462 Bajty] - [22/05/2017 20:15:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [1941 Bajty] - [22/05/2017 20:14:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1608 Bajty] ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu z NTB

#4 Příspěvek od Rudy »

Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

vendelin.v
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 44
Registrován: 15 pro 2005 13:06
Bydliště: Praha 5

Re: Prosím o kontrolu logu z NTB

#5 Příspěvek od vendelin.v »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Tomas (administrator) on TOMAS-HP (22-05-2017 21:28:03)
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas (Available Profiles: Tomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Communications)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-02-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e76d-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e776-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {f50ad406-0544-11e4-b49b-d0df9a94cccd} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-11-10] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7146ADCB-B646-4620-9085-DBCE97F2504B}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7891CC5F-B1B0-4404-9CD8-3C8A66662E43}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {3A6E7F6C-4C02-4983-913D-D73E9BEBC71B} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-23] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF DefaultProfile: wczb2c60.default
FF ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default [2017-05-22]
FF Homepage: Mozilla\Firefox\Profiles\wczb2c60.default -> hxxps://www.seznam.cz/
FF Extension: (Avast SafePrice) - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default\Extensions\sp@avast.com.xpi [2017-05-14]
FF Extension: (Avast Online Security) - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\wczb2c60.default\Extensions\wrc@avast.com.xpi [2017-05-14]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Dokumenty Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (Disk Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (Avast SafePrice) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-13]
CHR Extension: (Tabulky Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Avast Online Security) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-13]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-14] (AVAST Software s.r.o.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [190256 2017-05-14] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334576 2017-05-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [49016 2017-05-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32600 2017-05-14] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [158880 2017-05-14] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
S3 AVerAF35; C:\windows\System32\Drivers\AVerAF35.sys [804992 2013-06-05] (AVerMedia TECHNOLOGIES, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 21:28 - 2017-05-22 21:28 - 00023100 _____ C:\Users\Tomas\Desktop\FRST.txt
2017-05-22 21:27 - 2017-05-22 21:27 - 00000000 ____D C:\Users\Tomas\Desktop\Log 1
2017-05-22 21:27 - 2017-05-22 21:27 - 00000000 ____D C:\Users\Tomas\Desktop\FRST-OlderVersion
2017-05-22 20:18 - 2017-05-22 20:18 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-22 20:12 - 2017-05-22 20:15 - 00000000 ____D C:\AdwCleaner
2017-05-22 20:11 - 2017-05-22 20:11 - 04110280 _____ C:\Users\Tomas\Desktop\adwcleaner_6.047.exe
2017-05-22 19:13 - 2017-05-22 21:28 - 00000000 ____D C:\FRST
2017-05-22 19:11 - 2017-05-22 21:27 - 02429952 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2017-05-22 18:36 - 2017-05-22 18:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-22 18:34 - 2017-05-22 18:35 - 09548112 _____ (Piriform Ltd) C:\Users\Tomas\Downloads\ccsetup530.exe
2017-05-15 14:03 - 2017-05-15 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-15 14:03 - 2017-05-15 14:03 - 00000000 ____D C:\Program Files\7-Zip
2017-05-14 09:01 - 2017-05-14 15:07 - 00004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-05-14 09:01 - 2017-05-14 09:01 - 00400456 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-05-14 09:01 - 2017-05-14 09:00 - 00334576 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00311808 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00190256 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-05-14 09:01 - 2017-05-14 09:00 - 00049016 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-04-22 10:30 - 2017-05-15 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-22 10:30 - 2017-04-22 10:30 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-04-22 10:29 - 2017-04-22 10:29 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 20:23 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-22 20:23 - 2009-07-14 06:45 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-22 20:20 - 2016-12-10 14:26 - 00000000 ____D C:\Users\Tomas\AppData\LocalLow\Mozilla
2017-05-22 20:19 - 2016-12-10 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-22 20:19 - 2015-08-16 10:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 20:18 - 2014-02-01 13:57 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-05-22 20:17 - 2011-05-10 22:10 - 00000000 ____D C:\ProgramData\PDFC
2017-05-22 20:16 - 2016-11-08 20:44 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForTomas.job
2017-05-22 20:16 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-22 19:52 - 2017-02-26 18:09 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForTomas
2017-05-22 18:42 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2017-05-22 18:38 - 2015-08-10 20:29 - 00000000 ____D C:\Program Files\CCleaner
2017-05-22 18:38 - 2013-10-23 08:22 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E898E06D-9F0D-410F-B965-E53739C916AE}
2017-05-22 18:37 - 2013-12-23 10:32 - 00000000 ____D C:\Users\Tomas\AppData\Local\CrashDumps
2017-05-20 14:56 - 2015-08-15 11:41 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-18 11:59 - 2016-09-12 18:59 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-18 11:59 - 2016-09-12 18:59 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-18 11:59 - 2013-10-23 09:36 - 00004396 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-05-18 11:58 - 2013-10-23 09:36 - 00803320 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-05-18 11:58 - 2013-10-23 09:36 - 00144888 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-18 11:58 - 2013-10-23 09:36 - 00000000 ____D C:\windows\system32\Macromed
2017-05-18 11:58 - 2011-05-10 22:11 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-05-18 11:54 - 2013-11-24 15:29 - 00007602 _____ C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2017-05-14 15:06 - 2015-12-19 17:55 - 00000000 ____D C:\temp
2017-05-14 15:00 - 2016-04-01 05:58 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1459483105
2017-05-14 14:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-14 09:03 - 2015-08-15 11:46 - 00158880 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00569192 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00339696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00158368 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys.149474539450802
2017-05-14 09:01 - 2015-08-15 11:46 - 00128648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00101152 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-05-14 09:01 - 2015-08-15 11:46 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-05-14 09:00 - 2016-04-01 05:55 - 00032600 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-05-14 09:00 - 2015-08-15 11:46 - 01007160 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-05-13 22:56 - 2014-07-04 21:33 - 00000000 ____D C:\Program Files (x86)\O2 Mobilni internet
2017-05-13 21:51 - 2014-12-25 10:43 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-13 13:43 - 2014-02-01 12:57 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-03 18:12 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-05-02 17:51 - 2016-09-12 18:58 - 00003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 17:51 - 2016-09-12 18:58 - 00003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 10:28 - 2013-10-23 09:40 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2013-10-23 00:12 - 2015-08-10 21:19 - 0100464 _____ () C:\Users\Tomas\AppData\Roaming\QWInstall.log
2015-02-21 17:28 - 2015-10-25 12:57 - 0033134 _____ () C:\Users\Tomas\AppData\Roaming\UserTile.png
2013-11-24 15:29 - 2017-05-18 11:54 - 0007602 _____ () C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2015-12-25 14:53 - 2015-12-25 14:53 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-30 18:59

==================== End of FRST.txt ===========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu z NTB

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e76d-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e776-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {f50ad406-0544-11e4-b49b-d0df9a94cccd} - G:\AutoRun.exe
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\Ament.ini

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

vendelin.v
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 44
Registrován: 15 pro 2005 13:06
Bydliště: Praha 5

Re: Prosím o kontrolu logu z NTB

#7 Příspěvek od vendelin.v »

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Tomas (22-05-2017 22:23:01) Run:1
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas (Available Profiles: Tomas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e76d-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {83e6e776-03b1-11e4-87a2-2c4138122a49} - G:\AutoRun.exe
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\...\MountPoints2: {f50ad406-0544-11e4-b49b-d0df9a94cccd} - G:\AutoRun.exe
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1650126532-3784408424-2835801927-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\Ament.ini

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => key removed successfully
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83e6e76d-03b1-11e4-87a2-2c4138122a49} => key removed successfully
HKCR\CLSID\{83e6e76d-03b1-11e4-87a2-2c4138122a49} => key not found.
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83e6e776-03b1-11e4-87a2-2c4138122a49} => key removed successfully
HKCR\CLSID\{83e6e776-03b1-11e4-87a2-2c4138122a49} => key not found.
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f50ad406-0544-11e4-b49b-d0df9a94cccd} => key removed successfully
HKCR\CLSID\{f50ad406-0544-11e4-b49b-d0df9a94cccd} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-1650126532-3784408424-2835801927-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\Ament.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9591176 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 10873079 B
Edge => 0 B
Chrome => 8963053 B
Firefox => 177028643 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43329240 B
systemprofile32 => 9580 B
LocalService => 66228 B
NetworkService => 1224794536 B
Tomas => 13859265 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:23:14 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu z NTB

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět