
Virus

Author: p4to
Guest
Posts: 94
Registered: 06 Aug 2011 15:56

#1 Post by p4to »

Hello,
I installed a virus and some remnants of it are still left.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by p4too (administrator) on DESKTOP-FSNBGS5 (01-09-2017 18:17:39)
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Platform: Windows 10 Pro N Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
() C:\ProgramData\PrefsSecure\Nettrans.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(TODO: <Company name>) C:\ProgramData\Plusdax\Plusdax.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Flux Software LLC) C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe
(© 2015 Microsoft Corporation) C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP\AIMP.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Franz] => C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe [86039832 2016-09-06] (Franz)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1471072 2015-02-04] (ExpanDrive, Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [f.lux] => C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [BingSvc] => C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-05] (Spotify Ltd)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKLM\...\Providers\vlitza5s: C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Plusdax\RanApron.dll => C:\ProgramData\Plusdax\RanApron.dll [343552 2017-09-01] ()
AppInit_DLLs-x32: C:\ProgramData\Plusdax\Medlux.dll => C:\ProgramData\Plusdax\Medlux.dll [246784 2017-09-01] ()
SSODL: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.220.123 208.67.222.123
Tcpip\..\Interfaces\{450fc5d8-0ece-4669-ae3b-2a1cd2e0fa44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [DhcpNameServer] 208.67.220.123 208.67.222.123

Internet Explorer:
==================
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjAFIK8fdOM2RCOSLVO8vbh14z6umo3Iy5fYVhaMCG5LiDf8oCSMLaxlCLW0rCfvlbFjkP4ISkp_59j3fNBSEsymIpjk
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=3 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=9 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> msn.com
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjx67iabMvHkU1FWmZu27fAr2W97hHnlx9c1YrJQy6P9fAKdO8052c8IAHrt92VdrGy7ODdkO00saaXfVWgXgR0wH_mU&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> feed.sonic-search.com
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-09-01] <==== ATTENTION
CHR Extension: (Prekladač Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-18]
CHR Extension: (Prezentácie Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Dokumenty Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Disk Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Form Filler) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2017-07-29]
CHR Extension: (Adblock Plus) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Chirag) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\clinijjpaohndgmfepgpifcfnmlecbom [2017-08-21]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Tabuľky Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Postman) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-08-31]
CHR Extension: (Úpravy súborov Office v Dokumentoch Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-06-23]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (AdBlock) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-01]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-01]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-08-17] () [File not signed] <==== ATTENTION
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2017-09-01] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S3 hns; C:\Windows\System32\HostNetSvc.dll [552960 2017-04-23] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jetbrainsetw.109.0.20170824.133306; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [1678544 2017-08-24] (JetBrains s.r.o)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-08-28] () [File not signed] <==== ATTENTION
S2 netupodtep; C:\Users\p4too\AppData\Local\Doubletam.exe [4608 2017-09-01] () [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
S4 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 Plusdax; C:\ProgramData\\Plusdax\\Plusdax.exe [2554368 2017-09-01] (TODO: <Company name>) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R3 vmcompute; C:\Windows\system32\vmcompute.exe [1910784 2017-04-23] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14422528 2017-04-23] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WinSAPSvc; C:\Windows\SysWoW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S3 iDisplayWDDM; C:\Windows\system32\DRIVERS\idisplay.sys [40560 2016-03-22] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2017-04-23] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [24576 2017-04-23] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [46592 2017-04-23] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2017-04-23] (Microsoft Corporation)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [30720 2017-04-23] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-08-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [103424 2017-04-23] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2017-04-23] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [33632 2017-04-23] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 18:17 - 2017-09-01 18:17 - 000025560 _____ C:\Users\p4too\Desktop\FRST.txt
2017-09-01 18:17 - 2017-09-01 18:17 - 000000000 ____D C:\FRST
2017-09-01 18:16 - 2017-09-01 18:16 - 002395648 _____ (Farbar) C:\Users\p4too\Desktop\FRST64.exe
2017-09-01 18:16 - 2017-09-01 18:16 - 000112640 _____ (forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe
2017-09-01 17:36 - 2017-09-01 17:36 - 000000290 __RSH C:\Users\p4too\ntuser.pol
2017-09-01 17:24 - 2017-09-01 17:24 - 000041472 _____ C:\Users\p4too\AppData\Local\Doubletam.dat
2017-09-01 17:24 - 2017-09-01 17:24 - 000004608 _____ C:\Users\p4too\AppData\Local\Doubletam.exe
2017-09-01 17:24 - 2017-09-01 17:24 - 000000187 _____ C:\Users\p4too\AppData\Local\Doubletam.exe.config
2017-09-01 17:24 - 2017-09-01 17:24 - 000000000 ____D C:\ProgramData\8540e8f2-58a3-0
2017-09-01 17:24 - 2017-09-01 17:24 - 000000000 ____D C:\ProgramData\8540e8f2-3a95-1
2017-09-01 17:24 - 2017-09-01 17:24 - 000000000 ____D C:\Program Files\BitTorrent
2017-09-01 17:23 - 2017-09-01 18:08 - 000000000 ____D C:\ProgramData\Plusdax
2017-09-01 17:23 - 2017-09-01 17:28 - 001847296 _____ C:\Users\p4too\AppData\Local\po.db
2017-09-01 17:23 - 2017-09-01 17:23 - 007327744 _____ C:\Users\p4too\AppData\Local\agent.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 002554368 _____ (TODO: <Company name>) C:\Users\p4too\AppData\Local\Vivagolight.exe
2017-09-01 17:23 - 2017-09-01 17:23 - 001900814 _____ C:\Users\p4too\AppData\Local\Vivagolight.tst
2017-09-01 17:23 - 2017-09-01 17:23 - 001895382 _____ C:\Users\p4too\AppData\Local\Quosoft.bin
2017-09-01 17:23 - 2017-09-01 17:23 - 000278509 _____ C:\Users\p4too\AppData\Local\Plustop.bin
2017-09-01 17:23 - 2017-09-01 17:23 - 000140800 _____ C:\Users\p4too\AppData\Local\installer.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000136822 _____ () C:\Users\p4too\AppData\Local\Lot-Ron.bin
2017-09-01 17:23 - 2017-09-01 17:23 - 000126464 _____ C:\Users\p4too\AppData\Local\noah.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000070800 _____ C:\Users\p4too\AppData\Local\Config.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000019008 _____ C:\Users\p4too\AppData\Local\InstallationConfiguration.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000018432 _____ C:\Users\p4too\AppData\Local\Main.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000005568 _____ C:\Users\p4too\AppData\Local\md.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\ProgramData\PrefsSecure
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\ProgramData\Plusdaxs
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\ProgramData\Logic Cramble
2017-08-28 19:42 - 2017-08-28 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools MDF Viewer 1.0
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word_log.ldf
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word.mdf
2017-08-26 21:13 - 2017-08-26 21:13 - 000000000 ____D C:\Users\p4too\AppData\Local\GitCredentialManager
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-08-26 19:38 - 2017-08-26 19:40 - 000000000 ____D C:\Program Files\IIS Express
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1028
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1028
2017-08-26 19:36 - 2017-08-26 19:36 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-26 19:32 - 2017-08-26 19:32 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-26 19:31 - 2017-08-26 19:31 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-26 18:47 - 2017-08-26 18:47 - 000000000 ____D C:\Program Files (x86)\JetBrains
2017-08-12 22:30 - 2017-08-13 14:13 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2017-08-12 15:40 - 2012-04-16 23:33 - 000250240 _____ C:\Users\p4too\Downloads\psc.csv
2017-08-12 15:40 - 2012-04-16 23:21 - 000044955 _____ C:\Users\p4too\Downloads\adresar.txt
2017-08-06 21:08 - 2017-08-06 21:08 - 000000000 ____D C:\Users\p4too\AppData\Local\USQLDataRoot
2017-08-05 09:55 - 2017-08-07 21:43 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Sparx Systems
2017-08-05 09:55 - 2017-08-05 09:55 - 000001611 _____ C:\Users\Public\Desktop\Enterprise Architect.lnk
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Architect 9
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\Program Files (x86)\Sparx Systems
2017-08-04 21:29 - 2017-08-04 21:29 - 000000000 ____D C:\Users\p4too\Documents\VPProjects
2017-08-04 21:29 - 2017-08-04 21:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\java
2017-08-04 21:25 - 2017-08-04 21:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\VisualParadigm
2017-08-04 21:13 - 2017-08-04 21:14 - 000000000 ____D C:\Users\p4too\AppData\Local\NClass

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 18:12 - 2016-09-17 13:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-09-01 17:43 - 2016-09-17 16:38 - 004925714 _____ C:\Windows\system32\perfh01B.dat
2017-09-01 17:43 - 2016-09-17 16:38 - 001472502 _____ C:\Windows\system32\perfc01B.dat
2017-09-01 17:43 - 2016-09-17 13:25 - 010465142 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-01 17:37 - 2017-03-08 17:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Franz
2017-09-01 17:36 - 2017-01-18 21:27 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-01 17:36 - 2016-09-17 13:26 - 000000000 __SHD C:\Users\p4too\IntelGraphicsProfiles
2017-09-01 17:36 - 2016-09-17 13:24 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-01 17:36 - 2016-09-17 13:21 - 000000000 ____D C:\Users\p4too
2017-09-01 17:36 - 2016-09-17 13:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-01 17:29 - 2016-09-17 14:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\uTorrent
2017-09-01 17:29 - 2016-09-17 13:44 - 000000000 ____D C:\Users\p4too\AppData\Local\ClassicShell
2017-09-01 17:29 - 2016-09-17 13:31 - 000000000 ____D C:\Users\p4too\AppData\Roaming\AIMP
2017-09-01 17:29 - 2016-07-16 08:04 - 001048576 _____ C:\Windows\system32\config\BBI
2017-09-01 17:24 - 2017-02-13 19:10 - 000003832 __RSH C:\ProgramData\ntuser.pol
2017-09-01 17:24 - 2016-07-16 13:45 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-01 17:24 - 2016-07-16 13:44 - 000000000 ____D C:\Windows\INF
2017-09-01 17:23 - 2016-09-17 14:22 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Mozilla
2017-09-01 17:23 - 2016-09-17 13:27 - 000002607 _____ C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-01 17:18 - 2016-09-17 14:38 - 000000000 ____D C:\Users\p4too\AppData\Local\CrashDumps
2017-08-29 21:35 - 2017-07-21 20:36 - 000001028 _____ C:\Users\p4too\Desktop\ToDo – drazby.txt
2017-08-28 23:27 - 2017-01-02 22:20 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Spotify
2017-08-28 15:39 - 2017-01-02 22:21 - 000000000 ____D C:\Users\p4too\AppData\Local\Spotify
2017-08-27 10:09 - 2016-09-17 16:49 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2015
2017-08-27 10:00 - 2017-07-19 20:01 - 000000000 ____D C:\Users\p4too\AppData\Local\Red Gate
2017-08-26 21:11 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\AppData\Local\.IdentityService
2017-08-26 19:47 - 2017-04-02 19:36 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Visual Studio Setup
2017-08-26 19:40 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-08-26 19:39 - 2016-09-17 16:37 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-26 19:39 - 2016-09-17 13:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-26 19:38 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\system32\1033
2017-08-26 19:38 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2017-08-26 19:36 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-26 19:34 - 2017-04-02 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-26 19:33 - 2017-04-02 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-26 19:32 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-26 19:24 - 2017-04-02 19:36 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-26 18:46 - 2016-09-17 16:56 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-08-26 18:45 - 2016-09-17 16:53 - 000000000 ____D C:\Users\p4too\AppData\Local\JetBrains
2017-08-26 13:05 - 2016-10-13 22:15 - 000000000 ____D C:\Users\p4too\.nuget
2017-08-26 13:05 - 2016-10-08 18:48 - 000000000 ____D C:\Users\p4too\AppData\Local\NuGet
2017-08-26 12:29 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2017
2017-08-19 11:36 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\LiveKernelReports
2017-08-12 15:47 - 2016-09-17 13:22 - 000000000 ____D C:\Users\p4too\AppData\Local\Packages
2017-08-04 21:23 - 2017-01-24 09:55 - 000000000 ____D C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2017-09-01 17:23 - 2017-09-01 17:23 - 007327744 _____ () C:\Users\p4too\AppData\Local\agent.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000070800 _____ () C:\Users\p4too\AppData\Local\Config.xml
2017-09-01 17:24 - 2017-09-01 17:24 - 000041472 _____ () C:\Users\p4too\AppData\Local\Doubletam.dat
2017-09-01 17:24 - 2017-09-01 17:24 - 000004608 _____ () C:\Users\p4too\AppData\Local\Doubletam.exe
2017-09-01 17:24 - 2017-09-01 17:24 - 000000187 _____ () C:\Users\p4too\AppData\Local\Doubletam.exe.config
2017-09-01 17:23 - 2017-09-01 17:23 - 000019008 _____ () C:\Users\p4too\AppData\Local\InstallationConfiguration.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000140800 _____ () C:\Users\p4too\AppData\Local\installer.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000136822 _____ () C:\Users\p4too\AppData\Local\Lot-Ron.bin
2017-09-01 17:23 - 2017-09-01 17:23 - 000018432 _____ () C:\Users\p4too\AppData\Local\Main.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000005568 _____ () C:\Users\p4too\AppData\Local\md.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000126464 _____ () C:\Users\p4too\AppData\Local\noah.dat
2017-09-01 17:23 - 2017-09-01 17:23 - 000278509 _____ () C:\Users\p4too\AppData\Local\Plustop.bin
2017-09-01 17:23 - 2017-09-01 17:28 - 001847296 _____ () C:\Users\p4too\AppData\Local\po.db
2016-09-20 19:12 - 2016-10-16 16:10 - 000000600 _____ () C:\Users\p4too\AppData\Local\PUTTY.RND
2017-09-01 17:23 - 2017-09-01 17:23 - 001895382 _____ () C:\Users\p4too\AppData\Local\Quosoft.bin
2017-03-03 20:41 - 2017-03-03 20:41 - 000007626 _____ () C:\Users\p4too\AppData\Local\Resmon.ResmonCfg
2017-09-01 17:24 - 2017-09-01 17:24 - 000001150 _____ () C:\Users\p4too\AppData\Local\uninstall_temp.ico
2017-09-01 17:23 - 2017-09-01 17:23 - 002554368 _____ (TODO: <Company name>) C:\Users\p4too\AppData\Local\Vivagolight.exe
2017-09-01 17:23 - 2017-09-01 17:23 - 001900814 _____ () C:\Users\p4too\AppData\Local\Vivagolight.tst
2017-04-01 17:58 - 2017-04-01 17:58 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-01-18 21:21 - 2017-01-18 21:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-01 18:46 - 2017-04-23 17:35 - 000011904 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-09-01 17:21 - 2017-09-01 17:21 - 000109568 _____ () C:\Users\p4too\AppData\Local\Temp\nsn6ADC.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-24 20:20

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:222.91 GB) (Free:101.35 GB) NTFS
Drive d: (XXX) (Fixed) (Total:43.81 GB) (Free:43.71 GB) NTFS
Drive e: (Data) (Fixed) (Total:884.95 GB) (Free:170.61 GB) NTFS

Available physical RAM: 6220.33 MB
Total physical RAM: 10152.27 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)
Disk: 1 (Size: 931.5 GB) (Disk ID: BC5584D7)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\p4too\Desktop" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpanDrive
C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe /AUTORUN [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lync
"c:\program files\microsoft office\root\office16\lync.exe" /fromrunkey [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtsFT
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsDefender
ECHO is off.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================
Attachments
Addition.rar
(19.21 KiB) Downloaded 81 times

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#2 Post by p4to »

I've already run Kaspersky over it, it looks better now.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus

#3 Post by Márty84 »

Hi :)

So post new FRST logs so I can see what Kaspersky removed.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#4 Post by p4to »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by p4too (administrator) on DESKTOP-FSNBGS5 (02-09-2017 13:00:55)
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Platform: Windows 10 Pro N Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Flux Software LLC) C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe
(© 2015 Microsoft Corporation) C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\PerfWatson2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(BitTorrent, Inc.) C:\Users\p4too\AppData\Roaming\uTorrent\utorrent.exe
(forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Franz] => C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe [86039832 2016-09-06] (Franz)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1471072 2015-02-04] (ExpanDrive, Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [f.lux] => C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [BingSvc] => C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-02] (Spotify Ltd)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
HKLM\...\Providers\vlitza5s: C:\Program Files (x86)\Jerjatstervele Server\local64spl.dll <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Plusdax\RanApron.dll => C:\ProgramData\Plusdax\RanApron.dll [343552 2017-09-01] ()
SSODL: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.220.123 208.67.222.123
Tcpip\..\Interfaces\{450fc5d8-0ece-4669-ae3b-2a1cd2e0fa44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [DhcpNameServer] 208.67.220.123 208.67.222.123

Internet Explorer:
==================
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjAFIK8fdOM2RCOSLVO8vbh14z6umo3Iy5fYVhaMCG5LiDf8oCSMLaxlCLW0rCfvlbFjkP4ISkp_59j3fNBSEsymIpjk
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3402369080-3581635727-2017991681-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuuncActgKl_m14aSb8bFdV1g4TKoUXJZipjl7Lg7YKkjmsBMrucakwcaB1n4AxXfjxtDUMjhFRHd0HEcWzuGSbw-nBgriClkWPvl0jWzKxV012zJZtlqkRZLZiFhN2mdVvdIKDZRrpPuBfnkirffaWewB6x&q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-09-01]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=3 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=9 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> msn.com
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-09-02] <==== ATTENTION
CHR Extension: (Prekladač Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-18]
CHR Extension: (Prezentácie Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Dokumenty Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Disk Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Form Filler) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2017-07-29]
CHR Extension: (Adblock Plus) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Chirag) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\clinijjpaohndgmfepgpifcfnmlecbom [2017-08-21]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Tabuľky Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Postman) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-08-31]
CHR Extension: (Kaspersky Protection) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-09-01]
CHR Extension: (Úpravy súborov Office v Dokumentoch Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-06-23]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (AdBlock) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-01]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-01]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [312320 2017-09-01] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S3 hns; C:\Windows\System32\HostNetSvc.dll [552960 2017-04-23] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jetbrainsetw.109.0.20170824.133306; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [1678544 2017-08-24] (JetBrains s.r.o)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S3 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
S4 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R3 vmcompute; C:\Windows\system32\vmcompute.exe [1910784 2017-04-23] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14422528 2017-04-23] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WinSAPSvc; C:\Windows\SysWoW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 iDisplayWDDM; C:\Windows\system32\DRIVERS\idisplay.sys [40560 2016-03-22] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2017-09-01] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520152 2017-09-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021624 2017-09-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-05-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-09-01] (AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-09-01] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251656 2017-09-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-09-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-09-01] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-05-06] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-09-01] (AO Kaspersky Lab)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2017-04-23] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [24576 2017-04-23] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [46592 2017-04-23] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2017-04-23] (Microsoft Corporation)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [30720 2017-04-23] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-08-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [103424 2017-04-23] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2017-04-23] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [33632 2017-04-23] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-02 13:00 - 2017-09-02 13:01 - 000028496 _____ C:\Users\p4too\Desktop\FRST.txt
2017-09-02 12:59 - 2017-09-02 12:59 - 000112640 _____ (forum.viry.cz) C:\Users\p4too\Desktop\FRSTLauncher.exe
2017-09-01 19:17 - 2017-09-01 19:17 - 000251656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-09-01 19:16 - 2017-09-02 12:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-01 19:16 - 2017-09-02 09:15 - 000003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-09-01 19:16 - 2017-09-01 19:33 - 001021624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-09-01 19:16 - 2017-09-01 19:33 - 000520152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-09-01 19:16 - 2017-09-01 19:33 - 000197312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-09-01 19:16 - 2017-09-01 19:16 - 000002182 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-09-01 19:16 - 2017-09-01 19:16 - 000001455 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-09-01 19:16 - 2017-09-01 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-09-01 19:16 - 2017-09-01 19:16 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-09-01 19:16 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-09-01 18:54 - 2017-09-01 19:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-01 18:27 - 2017-09-01 18:27 - 000000000 ___RD C:\Users\p4too\Documents\MAGIX
2017-09-01 18:27 - 2017-09-01 18:27 - 000000000 ____D C:\ProgramData\simplitec
2017-09-01 18:26 - 2017-09-01 18:29 - 000000000 ____D C:\ProgramData\MAGIX
2017-09-01 18:21 - 2017-09-01 18:21 - 000000000 ____D C:\Users\p4too\Documents\MAGIX Downloads
2017-09-01 18:21 - 2017-09-01 18:21 - 000000000 ____D C:\Users\p4too\AppData\Roaming\MAGIX
2017-09-01 18:17 - 2017-09-02 13:00 - 000000000 ____D C:\FRST
2017-09-01 18:16 - 2017-09-01 18:16 - 002395648 _____ (Farbar) C:\Users\p4too\Desktop\FRST64.exe
2017-09-01 17:36 - 2017-09-01 17:36 - 000000290 __RSH C:\Users\p4too\ntuser.pol
2017-09-01 17:24 - 2017-09-01 20:24 - 000000000 ____D C:\Program Files\BitTorrent
2017-09-01 17:24 - 2017-09-01 19:33 - 000000000 ____D C:\ProgramData\8540e8f2-58a3-0
2017-09-01 17:24 - 2017-09-01 19:33 - 000000000 ____D C:\ProgramData\8540e8f2-3a95-1
2017-09-01 17:23 - 2017-09-01 20:03 - 000000000 ____D C:\ProgramData\Plusdax
2017-09-01 17:23 - 2017-09-01 19:59 - 000000000 ____D C:\ProgramData\PrefsSecure
2017-09-01 17:23 - 2017-09-01 19:59 - 000000000 ____D C:\ProgramData\Logic Cramble
2017-09-01 17:23 - 2017-09-01 17:23 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-01 17:23 - 2017-09-01 17:23 - 000000000 ____D C:\ProgramData\Plusdaxs
2017-08-28 19:42 - 2017-08-28 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools MDF Viewer 1.0
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word_log.ldf
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word.mdf
2017-08-26 21:13 - 2017-08-26 21:13 - 000000000 ____D C:\Users\p4too\AppData\Local\GitCredentialManager
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-08-26 19:38 - 2017-08-26 19:40 - 000000000 ____D C:\Program Files\IIS Express
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1028
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1028
2017-08-26 19:36 - 2017-08-26 19:36 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-26 19:32 - 2017-08-26 19:32 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-26 19:31 - 2017-08-26 19:31 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-26 18:47 - 2017-08-26 18:47 - 000000000 ____D C:\Program Files (x86)\JetBrains
2017-08-12 22:30 - 2017-08-13 14:13 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2017-08-12 15:40 - 2012-04-16 23:33 - 000250240 _____ C:\Users\p4too\Downloads\psc.csv
2017-08-12 15:40 - 2012-04-16 23:21 - 000044955 _____ C:\Users\p4too\Downloads\adresar.txt
2017-08-06 21:08 - 2017-08-06 21:08 - 000000000 ____D C:\Users\p4too\AppData\Local\USQLDataRoot
2017-08-05 09:55 - 2017-08-07 21:43 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Sparx Systems
2017-08-05 09:55 - 2017-08-05 09:55 - 000001611 _____ C:\Users\Public\Desktop\Enterprise Architect.lnk
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Architect 9
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\Program Files (x86)\Sparx Systems
2017-08-04 21:29 - 2017-08-04 21:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\java
2017-08-04 21:25 - 2017-08-04 21:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\VisualParadigm
2017-08-04 21:13 - 2017-08-04 21:14 - 000000000 ____D C:\Users\p4too\AppData\Local\NClass

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-02 13:01 - 2016-09-17 14:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\uTorrent
2017-09-02 12:57 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2017
2017-09-02 12:53 - 2017-01-02 22:20 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Spotify
2017-09-02 11:37 - 2016-09-17 13:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-09-02 09:05 - 2016-09-17 16:38 - 004955278 _____ C:\Windows\system32\perfh01B.dat
2017-09-02 09:05 - 2016-09-17 16:38 - 001481310 _____ C:\Windows\system32\perfc01B.dat
2017-09-02 09:05 - 2016-09-17 13:25 - 010522418 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-02 09:01 - 2017-01-02 22:21 - 000000000 ____D C:\Users\p4too\AppData\Local\Spotify
2017-09-02 09:00 - 2017-03-08 17:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Franz
2017-09-02 08:59 - 2017-01-18 21:27 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-02 08:59 - 2016-09-17 13:26 - 000000000 __SHD C:\Users\p4too\IntelGraphicsProfiles
2017-09-02 08:59 - 2016-09-17 13:24 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-02 08:59 - 2016-09-17 13:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-02 00:58 - 2016-09-17 13:31 - 000000000 ____D C:\Users\p4too\AppData\Roaming\AIMP
2017-09-02 00:58 - 2016-07-16 08:04 - 001048576 _____ C:\Windows\system32\config\BBI
2017-09-01 21:48 - 2016-09-17 14:38 - 000000000 ____D C:\Users\p4too\AppData\Local\CrashDumps
2017-09-01 20:23 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\LiveKernelReports
2017-09-01 19:34 - 2016-07-16 13:44 - 000000000 ____D C:\Windows\INF
2017-09-01 19:33 - 2016-06-14 17:47 - 000199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-09-01 19:17 - 2017-01-18 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-01 19:16 - 2016-07-16 13:45 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-09-01 19:16 - 2016-07-16 08:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-09-01 18:42 - 2017-01-24 09:55 - 000000000 ____D C:\ProgramData\Oracle
2017-09-01 18:27 - 2016-09-17 13:44 - 000000000 ____D C:\Users\p4too\AppData\Local\ClassicShell
2017-09-01 17:36 - 2016-09-17 13:21 - 000000000 ____D C:\Users\p4too
2017-09-01 17:24 - 2017-02-13 19:10 - 000003832 __RSH C:\ProgramData\ntuser.pol
2017-09-01 17:24 - 2016-07-16 13:45 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-01 17:23 - 2016-09-17 14:22 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Mozilla
2017-09-01 17:23 - 2016-09-17 13:27 - 000002607 _____ C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 21:35 - 2017-07-21 20:36 - 000001028 _____ C:\Users\p4too\Desktop\ToDo – drazby.txt
2017-08-27 10:09 - 2016-09-17 16:49 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2015
2017-08-27 10:00 - 2017-07-19 20:01 - 000000000 ____D C:\Users\p4too\AppData\Local\Red Gate
2017-08-26 21:11 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\AppData\Local\.IdentityService
2017-08-26 19:47 - 2017-04-02 19:36 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Visual Studio Setup
2017-08-26 19:40 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-08-26 19:39 - 2016-09-17 16:37 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-26 19:39 - 2016-09-17 13:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-26 19:38 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\system32\1033
2017-08-26 19:38 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2017-08-26 19:36 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-26 19:34 - 2017-04-02 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-26 19:33 - 2017-04-02 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-26 19:32 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-26 19:24 - 2017-04-02 19:36 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-26 18:46 - 2016-09-17 16:56 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-08-26 18:45 - 2016-09-17 16:53 - 000000000 ____D C:\Users\p4too\AppData\Local\JetBrains
2017-08-26 13:05 - 2016-10-13 22:15 - 000000000 ____D C:\Users\p4too\.nuget
2017-08-26 13:05 - 2016-10-08 18:48 - 000000000 ____D C:\Users\p4too\AppData\Local\NuGet
2017-08-12 15:47 - 2016-09-17 13:22 - 000000000 ____D C:\Users\p4too\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-04-01 17:58 - 2017-04-01 17:58 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-01-18 21:21 - 2017-01-18 21:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-01 18:46 - 2017-04-23 17:35 - 000011904 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-24 20:20

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:222.91 GB) (Free:99.51 GB) NTFS
Drive d: (XXX) (Fixed) (Total:43.81 GB) (Free:43.71 GB) NTFS
Drive e: (Data) (Fixed) (Total:884.95 GB) (Free:157.42 GB) NTFS
Drive f: (Lenovo_Suite) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Available physical RAM: 6793.16 MB
Total physical RAM: 10152.27 MB
Percentage of memory in use: 33%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)
Disk: 1 (Size: 931.5 GB) (Disk ID: BC5584D7)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Kaspersky Anti-Virus (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\p4too\Desktop" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpanDrive
C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe /AUTORUN [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lync
"c:\program files\microsoft office\root\office16\lync.exe" /fromrunkey [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtsFT
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsDefender
ECHO is off.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

==================== End Of Log ==============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus

#5 Post by Márty84 »

Well, not great :?:

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will spit out a log (alternatively it will be at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

:arrow: Run a scan with MBAM. Set the scan up according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes has false positives.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#6 Post by p4to »

Thank you for your help. And I thought I had bought a 2-year licence for that Kaspersky ...
Here is AdwCleaner[C0]. I'm going to do the second one.

# AdwCleaner 7.0.2.1 - Logfile created on Sat Sep 02 13:37:57 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Pro N (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WinSAPSvc


***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\p4too\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Gubed
Deleted: C:\Users\Default\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Default User\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\p4too\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\ProgramData\Plusdax
Deleted: C:\Users\All Users\Plusdax
Deleted: C:\ProgramData\PrefsSecure
Deleted: C:\Users\All Users\PrefsSecure
Deleted: C:\ProgramData\PrefsSecure
Deleted: C:\Users\All Users\PrefsSecure
Deleted: C:\ProgramData\Logic Cramble
Deleted: C:\Users\All Users\Logic Cramble
Deleted: C:\ProgramData\Plusdax
Deleted: C:\Users\All Users\Plusdax
Deleted: C:\ProgramData\Plusdaxs
Deleted: C:\Users\All Users\Plusdaxs
Deleted: C:\Users\p4too\AppData\Roaming\UCChannel
Deleted: C:\ProgramData\WinSAPSvc
Deleted: C:\Users\All Users\WinSAPSvc
Deleted: C:\Windows\Temp\Smartbar
Deleted: C:\ProgramData\Plusdax
Deleted: C:\Users\All Users\Plusdax
Deleted: C:\ProgramData\8540e8f2-3a95-1
Deleted: C:\ProgramData\8540e8f2-58a3-0


***** [ Files ] *****

Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\p4too\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
Deleted: C:\Windows\SysNative\drivers\KuaiZipDrive.sys
Deleted: C:\Windows\SysNative\drivers\wfcre.sys
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\PO.DB
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PO.DB
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\p4too\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[%SNP%]


***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\Themes|DependOnService
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Value] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Value] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Key] - HKU\.DEFAULT\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-18\Software\UpgSvr
Deleted: [Key] - HKCU\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\PopWnd
Deleted: [Key] - HKCU\Software\PopWnd
Deleted: [Key] - HKLM\SOFTWARE\xvb`lj
Deleted: [Key] - HKU\.DEFAULT\Software\xvb`lj
Deleted: [Key] - HKU\S-1-5-18\Software\xvb`lj
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\Setup_WinThruster_2016.exe
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs [C:\ProgramData\Plusdax\RanApron.dll]
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\CasterDate
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\dlr
Deleted: [Key] - HKCU\Software\dlr
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKLM\SOFTWARE\mtPlusdax
Deleted: [Key] - HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\mtPlusdax
Deleted: [Key] - HKCU\Software\mtPlusdax


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8213 B] - [2017/9/2 13:36:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#7 Post by p4to »

Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 02.09.17
Čas skenovania: 17:44
Súbor denníka: 9fa183c2-8ff5-11e7-89f7-f0761c6c6ff4.json
Správca: Áno

-Údaje o softvéri-
Verzia: 3.2.2.2018
Verzia súčastí: 1.0.188
Aktualizovať verziu balíka: 1.0.2712
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 14393.351)
Procesor: x64
Systém súborov: NTFS
Používateľ: DESKTOP-FSNBGS5\p4too

-Zhrnutie skenovania-
Typ skenovania: Vlastné skenovanie
Výsledok: Dokončené
Preskenované objekty: 757211
Zistené hrozby: 62
Hrozby umiestnené do karantény: 0
(Nezistili sa nijaké škodlivé položky)
Uplynulý čas: 1 h, 39 min, 49 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 1
PUP.Optional.Amonetize, C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE, Bez zásahu používateľa, [6], [388897],1.0.2712

Modul: 1
PUP.Optional.Amonetize, C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE, Bez zásahu používateľa, [6], [388897],1.0.2712

Kľúč databázy Registry: 17
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Bez zásahu používateľa, [233], [259987],1.0.2712
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Bez zásahu používateľa, [313], [259314],1.0.2712
PUP.Optional.Wiki, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Bez zásahu používateľa, [2640], [360475],1.0.2712
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Plusdax.exe, Bez zásahu používateľa, [2247], [383093],1.0.2712
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\Doubletam_RASAPI32, Bez zásahu používateľa, [1954], [258159],1.0.2712
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\Doubletam_RASMANCS, Bez zásahu používateľa, [1954], [258159],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6350F148-8A29-48C9-99CE-2C7FEF126616}, Bez zásahu používateľa, [233], [259768],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{981C3C19-A359-4132-833D-5A7FCBD1B9AC}, Bez zásahu používateľa, [233], [259769],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtApService, Bez zásahu používateľa, [233], [259827],1.0.2712
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\xvb`lj, Bez zásahu používateľa, [1], [389650],1.0.2712
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\vlitza5s, Bez zásahu používateľa, [1714], [339986],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snf, Bez zásahu používateľa, [233], [259771],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snp, Bez zásahu používateľa, [233], [259772],1.0.2712
PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wfcre, Bez zásahu používateľa, [96], [417525],1.0.2712
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BitTorrent, Bez zásahu používateľa, [6], [388897],1.0.2712
Adware.NeoBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, Bez zásahu používateľa, [514], [420739],1.0.2712
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, Bez zásahu používateľa, [514], [420739],1.0.2712

Hodnota databázy Registry: 10
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Bez zásahu používateľa, [233], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Bez zásahu používateľa, [233], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Bez zásahu používateľa, [233], [259987],1.0.2712
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Bez zásahu používateľa, [233], [259988],1.0.2712
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Bez zásahu používateľa, [313], [259314],1.0.2712
PUP.Optional.Linkury, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Bez zásahu používateľa, [313], [259313],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Bez zásahu používateľa, [233], [259989],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6350F148-8A29-48C9-99CE-2C7FEF126616}|PATH, Bez zásahu používateľa, [233], [259768],1.0.2712
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{981C3C19-A359-4132-833D-5A7FCBD1B9AC}|PATH, Bez zásahu používateľa, [233], [259769],1.0.2712
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\vlitza5s|NAME, Bez zásahu používateľa, [1714], [339986],1.0.2712

Údaje databázy Registry: 7
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Bez zásahu používateľa, [233], [293485],1.0.2712
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Bez zásahu používateľa, [233], [293485],1.0.2712
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Bez zásahu používateľa, [233], [293485],1.0.2712
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Bez zásahu používateľa, [233], [293485],1.0.2712
PUP.Optional.Linkury, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Bez zásahu používateľa, [313], [293476],1.0.2712
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Bez zásahu používateľa, [233], [293486],1.0.2712
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Bez zásahu používateľa, [313], [293477],1.0.2712

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 1
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\SAILDOM, Bez zásahu používateľa, [233], [302564],1.0.2712

Súbor: 25
PUP.Optional.Amonetize, C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE, Bez zásahu používateľa, [6], [388897],1.0.2712
Adware.Linkury, C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\ZSZODFOT.EXE, Bez zásahu používateľa, [1990], [414962],1.0.2712
Adware.Linkury, C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\UV40ATK5.EXE, Bez zásahu používateľa, [1990], [414962],1.0.2712
Generic.Malware/Suspicious, C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\XTC.EXE, Bez zásahu používateľa, [0], [392686],1.0.2712
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\SAILDOM\INSTALLATIONCONFIGURATION.XML, Bez zásahu používateľa, [233], [302564],1.0.2712
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Saildom\uninstall.dat, Bez zásahu používateľa, [233], [302564],1.0.2712
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Saildom\uninstall.ico, Bez zásahu používateľa, [233], [302564],1.0.2712
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\EXPANDRIVE\PATCH.EXE, Bez zásahu používateľa, [0], [392686],1.0.2712
PUP.Optional.MyRadioXP, C:\USERS\P4TOO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\LOCAL STORAGE\CHROME-EXTENSION_FNHFDMNPHMBBJBGPPNPCDDKEFMEOKFHO_0.LOCALSTORAGE, Bez zásahu používateľa, [2650], [360496],1.0.2712
Adware.IStartSurf, C:\USERS\P4TOO\APPDATA\LOCAL\TEMP\NSY4855.TMP\SETUP__21223_IL2.EXE, Bez zásahu používateľa, [803], [431047],1.0.2712
Trojan.Agent.MSIL, C:\USERS\P4TOO\APPDATA\LOCAL\TEMP\QDCDD\TLC.EXE, Bez zásahu používateľa, [359], [341171],1.0.2712
Adware.Eszjuxuan, C:\USERS\P4TOO\APPDATA\LOCAL\TEMP\IS-O1BTR.TMP\ENJOYWIFI.EXE, Bez zásahu používateľa, [170], [422890],1.0.2712
PUP.Optional.Amonetize, C:\USERS\P4TOO\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, Bez zásahu používateľa, [6], [302488],1.0.2712
Generic.Malware/Suspicious, C:\WINDOWS\TEMP\TMP9C38.TMP, Bez zásahu používateľa, [0], [392686],1.0.2712
Adware.Linkury, C:\WINDOWS\TEMP\RARSFX0\NOAH.EXE, Bez zásahu používateľa, [1990], [414962],1.0.2712
RiskWare.Tool.CK, E:\DOKUMENTY\LITERATURA\POKER\POKERBOOKS\VARIOUS\POKER PRO 2006\POKERPRO2006V4167_CRACK.EXE, Bez zásahu používateľa, [257], [25605],1.0.2712
Backdoor.Bladabindi.MSIL, E:\DOKUMENTY\ZDROJAKY_CUDZIE\SERIALIZATION-DOTNET-4-5\3-SERIALIZATION-DOTNET-4-5-M3-EXERCISE-FILES\ADVANCED VERSIONING USING SERIALIZATIONBINDER\SERVER\OBJ\DEBUG\SERVER.EXE, Bez zásahu používateľa, [827], [66645],1.0.2712
Backdoor.Bladabindi.MSIL, E:\DOKUMENTY\ZDROJAKY_CUDZIE\SERIALIZATION-DOTNET-4-5\3-SERIALIZATION-DOTNET-4-5-M3-EXERCISE-FILES\ADVANCED VERSIONING USING SERIALIZATIONBINDER\SERVER\BIN\DEBUG\SERVER.EXE, Bez zásahu používateľa, [827], [66645],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES\AFTER\PAINT\PAINT\BIN\DEBUG\PAINT.EXE, Bez zásahu používateľa, [19], [26277],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES\AFTER\PAINT\PAINT\OBJ\X86\DEBUG\PAINT.EXE, Bez zásahu používateľa, [19], [26277],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES\BEFORE\PAINT\PAINT\BIN\DEBUG\PAINT.EXE, Bez zásahu používateľa, [19], [26277],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES\BEFORE\PAINT\PAINT\OBJ\X86\DEBUG\PAINT.EXE, Bez zásahu používateľa, [19], [26277],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES\AFTER\PAINT\PAINT\BIN\DEBUG\PAINT.MM.EXE, Bez zásahu používateľa, [19], [26277],1.0.2712
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES.ZIP, Bez zásahu používateľa, [19], [26277],1.0.2712
Generic.Malware/Suspicious, E:\TOOLS\EXPANDRIVE V4.3.1\CRACK\PATCH.EXE, Bez zásahu používateľa, [0], [392686],1.0.2712

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Residence: Ostrava

Re: Virus

#8 Post by Márty84 »

p4to wrote: Thank you for your help. And there I was thinking I had bought a two-year licence for that Kaspersky ...
No antivirus is 100%. The question is whether Kaspersky would have let it onto the computer at all if it had already been there beforehand. According to the log, it was installed only after the infection.


:arrow: Have all the findings removed. After the removal and a PC restart, repeat the MBAM scan so we know whether it comes back. Post the scan result and I will choose the next step based on it.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#9 Post by p4to »

So two are still there. I put them in quarantine.

-Podrobnosti denníka-
Dátum skenovania: 03.09.17
Čas skenovania: 12:27
Súbor denníka: 8d71b8aa-9092-11e7-a22a-f0761c6c6ff4.json
Správca: Áno

-Údaje o softvéri-
Verzia: 3.2.2.2018
Verzia súčastí: 1.0.188
Aktualizovať verziu balíka: 1.0.2717
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 14393.351)
Procesor: x64
Systém súborov: NTFS
Používateľ: DESKTOP-FSNBGS5\p4too

-Zhrnutie skenovania-
Typ skenovania: Vlastné skenovanie
Výsledok: Dokončené
Preskenované objekty: 757758
Zistené hrozby: 2
Hrozby umiestnené do karantény: 0
(Nezistili sa nijaké škodlivé položky)
Uplynulý čas: 1 h, 42 min, 2 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 2
Adware.Linkury, C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\XRERRXJW.EXE, Bez zásahu používateľa, [1990], [414962],1.0.2717
Trojan.Agent, E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES.ZIP, Bez zásahu používateľa, [19], [26277],1.0.2717

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Residence: Ostrava

Re: Virus

#10 Post by Márty84 »

p4to wrote: So two are still there. I put them in quarantine.
OK :)

:arrow: Uninstall MBAM.

:arrow: Post new logs from FRST

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#11 Post by p4to »

Thanks :thumbsup:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by p4too (administrator) on DESKTOP-FSNBGS5 (03-09-2017 19:51:21)
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Platform: Windows 10 Pro N Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Flux Software LLC) C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe
(© 2015 Microsoft Corporation) C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Franz) C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\PerfWatson2.exe
(Node.js) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.Node.x86\ServiceHub.Host.Node.x86.exe
(ServiceHub.Host.CLR.x86) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.CLR.x86\ServiceHub.IdentityHost.exe
(ServiceHub.Host.CLR.x86) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.CLR.x86\ServiceHub.VSDetouredHost.exe
(ServiceHub.Host.CLR.x86) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.CLR.x86\ServiceHub.RoslynCodeAnalysisService32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\PrivateAssemblies\Microsoft.Alm.Shared.Remoting.RemoteContainer.dll
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\XDesProc.exe
(ServiceHub.Host.CLR.x86) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.CLR.x86\ServiceHub.SettingsHost.exe
(ServiceHub.Host.CLR.x86) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Hosts\ServiceHub.Host.CLR.x86\ServiceHub.Host.CLR.x86.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\p4too\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\Bin\MSBuild.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\Bin\Roslyn\VBCSCompiler.exe
(Google Inc.) C:\Users\p4too\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Franz] => C:\Users\p4too\AppData\Local\Franz\app-4.0.4\Franz.exe [86039832 2016-09-06] (Franz)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1471072 2015-02-04] (ExpanDrive, Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [f.lux] => C:\Users\p4too\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [BingSvc] => C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-02] (Spotify Ltd)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\MountPoints2: {3c2cd3d1-7cec-11e6-a050-f0761c6c6ff4} - "F:\Lenovo_Suite.exe"
SSODL: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {E4B9D98A-19E4-4A2F-B080-BBF8AF8BCF51} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.220.123 208.67.222.123
Tcpip\..\Interfaces\{450fc5d8-0ece-4669-ae3b-2a1cd2e0fa44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{88ebffb6-5b12-4da6-9153-1d057df9a8f9}: [DhcpNameServer] 208.67.220.123 208.67.222.123

Internet Explorer:
==================
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-05-06] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-09-01]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=3 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3402369080-3581635727-2017991681-1001: @tools.google.com/Google Update;version=9 -> C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> msn.com
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-09-03] <==== ATTENTION
CHR Extension: (Prekladač Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-18]
CHR Extension: (Prezentácie Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Dokumenty Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Disk Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Form Filler) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2017-07-29]
CHR Extension: (Adblock Plus) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Chirag) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\clinijjpaohndgmfepgpifcfnmlecbom [2017-08-21]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Tabuľky Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Postman) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-08-31]
CHR Extension: (Kaspersky Protection) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-09-01]
CHR Extension: (Úpravy súborov Office v Dokumentoch Google) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-06-23]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (AdBlock) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-01]
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-01]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S3 hns; C:\Windows\System32\HostNetSvc.dll [552960 2017-04-23] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jetbrainsetw.109.0.20170824.133306; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [1678544 2017-08-24] (JetBrains s.r.o)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 MBAMService; E:\temp\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
S4 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
R3 vmcompute; C:\Windows\system32\vmcompute.exe [1910784 2017-04-23] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14422528 2017-04-23] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 iDisplayWDDM; C:\Windows\system32\DRIVERS\idisplay.sys [40560 2016-03-22] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2017-09-01] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520152 2017-09-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021624 2017-09-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-05-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-09-01] (AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-09-01] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251656 2017-09-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-09-01] (AO Kaspersky Lab)
S3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-09-01] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-05-06] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-09-01] (AO Kaspersky Lab)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2017-04-23] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-02] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [101824 2017-09-03] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-03] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [94144 2017-09-03] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_03205ffa8fdea79d\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [24576 2017-04-23] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [46592 2017-04-23] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2017-04-23] (Microsoft Corporation)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [30720 2017-04-23] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-08-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [103424 2017-04-23] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2017-04-23] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [33632 2017-04-23] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [1616896 2017-04-23] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 19:51 - 2017-09-03 19:51 - 000028976 _____ C:\Users\p4too\Desktop\FRST.txt
2017-09-03 19:16 - 2017-09-03 19:20 - 000000208 _____ C:\Users\p4too\Desktop\Photo Explorer todo.txt
2017-09-02 21:10 - 2017-09-03 12:27 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-02 17:09 - 2017-09-02 17:09 - 000000016 _____ C:\InjectIntoProcess crash
2017-09-02 15:48 - 2017-09-03 12:28 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-02 15:48 - 2017-09-03 12:27 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-02 15:48 - 2017-09-02 21:10 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-02 15:47 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-02 15:38 - 2017-09-02 17:40 - 000000000 ____D C:\ProgramData\locep
2017-09-02 15:35 - 2017-09-02 21:09 - 000000000 ____D C:\AdwCleaner
2017-09-02 15:34 - 2017-09-02 15:34 - 008182736 _____ (Malwarebytes) C:\Users\p4too\Desktop\adwcleaner_7.0.2.1.exe
2017-09-01 19:17 - 2017-09-01 19:17 - 000251656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-09-01 19:17 - 2017-09-01 19:17 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-09-01 19:16 - 2017-09-03 19:29 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-01 19:16 - 2017-09-03 19:29 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-09-01 19:16 - 2017-09-01 19:33 - 001021624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-09-01 19:16 - 2017-09-01 19:33 - 000520152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-09-01 19:16 - 2017-09-01 19:33 - 000197312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-09-01 19:16 - 2017-09-01 19:16 - 000002182 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-09-01 19:16 - 2017-09-01 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-09-01 19:16 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-09-01 18:54 - 2017-09-01 19:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-01 18:27 - 2017-09-01 18:27 - 000000000 ___RD C:\Users\p4too\Documents\MAGIX
2017-09-01 18:27 - 2017-09-01 18:27 - 000000000 ____D C:\ProgramData\simplitec
2017-09-01 18:26 - 2017-09-01 18:29 - 000000000 ____D C:\ProgramData\MAGIX
2017-09-01 18:21 - 2017-09-01 18:21 - 000000000 ____D C:\Users\p4too\Documents\MAGIX Downloads
2017-09-01 18:21 - 2017-09-01 18:21 - 000000000 ____D C:\Users\p4too\AppData\Roaming\MAGIX
2017-09-01 18:17 - 2017-09-03 19:51 - 000000000 ____D C:\FRST
2017-09-01 18:16 - 2017-09-01 18:16 - 002395648 _____ (Farbar) C:\Users\p4too\Desktop\FRST64.exe
2017-09-01 17:36 - 2017-09-01 17:36 - 000000290 __RSH C:\Users\p4too\ntuser.pol
2017-09-01 17:24 - 2017-09-02 23:18 - 000000000 ____D C:\Program Files\BitTorrent
2017-08-28 19:42 - 2017-08-28 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools MDF Viewer 1.0
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word_log.ldf
2017-08-27 11:33 - 2017-08-27 11:58 - 008388608 _____ C:\Users\p4too\Word.mdf
2017-08-26 21:13 - 2017-08-26 21:13 - 000000000 ____D C:\Users\p4too\AppData\Local\GitCredentialManager
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-08-26 19:39 - 2017-08-26 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-08-26 19:38 - 2017-08-26 19:40 - 000000000 ____D C:\Program Files\IIS Express
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\SysWOW64\1028
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\3082
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\2052
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1055
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1049
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1046
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1045
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1042
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1041
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1040
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1036
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1031
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1029
2017-08-26 19:37 - 2017-08-26 19:38 - 000000000 ____D C:\Windows\system32\1028
2017-08-26 19:36 - 2017-08-26 19:36 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-26 19:34 - 2017-08-26 19:34 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-26 19:32 - 2017-08-26 19:32 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-26 19:31 - 2017-08-26 19:31 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-26 18:47 - 2017-08-26 18:47 - 000000000 ____D C:\Program Files (x86)\JetBrains
2017-08-12 22:30 - 2017-08-13 14:13 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2017-08-12 15:40 - 2012-04-16 23:33 - 000250240 _____ C:\Users\p4too\Downloads\psc.csv
2017-08-12 15:40 - 2012-04-16 23:21 - 000044955 _____ C:\Users\p4too\Downloads\adresar.txt
2017-08-06 21:08 - 2017-08-06 21:08 - 000000000 ____D C:\Users\p4too\AppData\Local\USQLDataRoot
2017-08-05 09:55 - 2017-08-07 21:43 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Sparx Systems
2017-08-05 09:55 - 2017-08-05 09:55 - 000001611 _____ C:\Users\Public\Desktop\Enterprise Architect.lnk
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Architect 9
2017-08-05 09:55 - 2017-08-05 09:55 - 000000000 ____D C:\Program Files (x86)\Sparx Systems
2017-08-04 21:29 - 2017-08-04 21:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\java
2017-08-04 21:25 - 2017-08-04 21:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\VisualParadigm
2017-08-04 21:13 - 2017-08-04 21:14 - 000000000 ____D C:\Users\p4too\AppData\Local\NClass

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 19:48 - 2017-01-02 22:20 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Spotify
2017-09-03 19:29 - 2016-07-16 13:44 - 000000000 ____D C:\Windows\INF
2017-09-03 19:28 - 2016-09-17 13:44 - 000000000 ____D C:\Users\p4too\AppData\Local\ClassicShell
2017-09-03 16:28 - 2017-01-02 22:21 - 000000000 ____D C:\Users\p4too\AppData\Local\Spotify
2017-09-03 15:44 - 2016-09-17 13:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-09-03 15:36 - 2016-09-17 16:38 - 005043970 _____ C:\Windows\system32\perfh01B.dat
2017-09-03 15:36 - 2016-09-17 16:38 - 001507734 _____ C:\Windows\system32\perfc01B.dat
2017-09-03 15:36 - 2016-09-17 13:25 - 010694246 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 15:30 - 2017-03-08 17:29 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Franz
2017-09-03 15:29 - 2017-01-18 21:27 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-03 15:29 - 2016-09-17 13:26 - 000000000 __SHD C:\Users\p4too\IntelGraphicsProfiles
2017-09-03 15:29 - 2016-09-17 13:24 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-03 15:29 - 2016-09-17 13:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-03 15:26 - 2016-07-16 08:04 - 001048576 _____ C:\Windows\system32\config\BBI
2017-09-03 15:23 - 2017-07-21 20:36 - 000001153 _____ C:\Users\p4too\Desktop\ToDo – drazby.txt
2017-09-03 12:27 - 2016-10-12 22:23 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-03 02:13 - 2016-09-17 13:31 - 000000000 ____D C:\Users\p4too\AppData\Roaming\AIMP
2017-09-02 23:18 - 2017-01-18 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-02 23:18 - 2016-09-23 22:11 - 000000000 ____D C:\Program Files (x86)\ExpanDrive
2017-09-02 20:50 - 2016-09-17 14:38 - 000000000 ____D C:\Users\p4too\AppData\Local\CrashDumps
2017-09-02 17:40 - 2016-09-17 13:21 - 000000000 ____D C:\Users\p4too
2017-09-02 15:47 - 2016-10-12 22:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 15:44 - 2016-07-16 08:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-09-02 15:37 - 2016-10-15 12:18 - 000000000 ____D C:\ProgramData\IObit
2017-09-02 15:37 - 2016-09-17 14:37 - 000000000 ____D C:\Users\p4too\AppData\Roaming\uTorrent
2017-09-02 15:37 - 2016-09-17 14:05 - 000000000 ____D C:\Users\p4too\AppData\Roaming\IObit
2017-09-02 13:07 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2017
2017-09-01 20:23 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\LiveKernelReports
2017-09-01 19:33 - 2016-06-14 17:47 - 000199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-09-01 19:16 - 2016-07-16 13:45 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-09-01 18:42 - 2017-01-24 09:55 - 000000000 ____D C:\ProgramData\Oracle
2017-09-01 17:24 - 2017-02-13 19:10 - 000003832 __RSH C:\ProgramData\ntuser.pol
2017-09-01 17:24 - 2016-07-16 13:45 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-01 17:23 - 2016-09-17 14:22 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Mozilla
2017-08-27 10:09 - 2016-09-17 16:49 - 000000000 ____D C:\Users\p4too\Documents\Visual Studio 2015
2017-08-27 10:00 - 2017-07-19 20:01 - 000000000 ____D C:\Users\p4too\AppData\Local\Red Gate
2017-08-26 21:11 - 2017-04-02 21:47 - 000000000 ____D C:\Users\p4too\AppData\Local\.IdentityService
2017-08-26 19:47 - 2017-04-02 19:36 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Visual Studio Setup
2017-08-26 19:40 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-08-26 19:39 - 2016-09-17 16:37 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-26 19:39 - 2016-09-17 13:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-26 19:38 - 2016-09-17 16:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-26 19:38 - 2016-09-17 16:35 - 000000000 ____D C:\Windows\system32\1033
2017-08-26 19:38 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2017-08-26 19:36 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-26 19:34 - 2017-04-02 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-26 19:33 - 2017-04-02 19:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-26 19:32 - 2016-09-17 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-26 19:24 - 2017-04-02 19:36 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-26 18:46 - 2016-09-17 16:56 - 000000000 ____D C:\Users\p4too\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-08-26 18:45 - 2016-09-17 16:53 - 000000000 ____D C:\Users\p4too\AppData\Local\JetBrains
2017-08-26 13:05 - 2016-10-13 22:15 - 000000000 ____D C:\Users\p4too\.nuget
2017-08-26 13:05 - 2016-10-08 18:48 - 000000000 ____D C:\Users\p4too\AppData\Local\NuGet
2017-08-12 15:47 - 2016-09-17 13:22 - 000000000 ____D C:\Users\p4too\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-04-01 17:58 - 2017-04-01 17:58 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-01-18 21:21 - 2017-01-18 21:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-01 18:46 - 2017-04-23 17:35 - 000011904 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-03 14:56

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus

#12 Post by Márty84 »

:???: Are those IP addresses intentional? Tcpip\Parameters: [DhcpNameServer] 208.67.220.123 208.67.222.123

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [BingSvc] => C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-02] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

CHR HomePage: ChromeDefaultData -> msn.com
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-09-03] <==== ATTENTION

E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES.ZIP
C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\XRERRXJW.EXE

Hosts:
EmptyTemp:
Reboot:
End
At the top left, click on File
Click on Save as...
Type the red name fixlist correctly and save it to the desktop.
Turn off your antivirus and any other security software you may have.
Run FRST as administrator, click on Fix and the program will carry out the commands.
After the PC restarts a new log named fixlog should appear; copy it back here for me.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#13 Post by p4to »

I use those IP addresses as DNS in the router, but on the PC I temporarily had 8.8.8.8 set. It probably remembered it somehow...
Here is the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by p4too (04-09-2017 19:45:11) Run:1
Running from C:\Users\p4too\Desktop
Loaded Profiles: p4too (Available Profiles: defaultuser0 & p4too)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Google Update] => C:\Users\p4too\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [BingSvc] => C:\Users\p4too\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\...\Run: [Spotify Web Helper] => C:\Users\p4too\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-02] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

CHR HomePage: ChromeDefaultData -> msn.com
CHR Profile: C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-09-03] <==== ATTENTION

E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES.ZIP
C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\XRERRXJW.EXE

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-3402369080-3581635727-2017991681-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
Chrome HomePage => removed successfully
C:\Users\p4too\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
"E:\DOKUMENTY\ZDROJAKY_CUDZIE\_DESIGN PATTERNS\PATTERNS-LIBRARY\PATTERNS-MEMENTO-EXERCISE-FILES.ZIP" => not found.
"C:\PROGRAM FILES\BITTORRENT\BIN\07E29358-BE37-40AD-BEE3-A4ECBEBBC88F\XRERRXJW.EXE" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24715165 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 24648991 B
Edge => 39637917 B
Chrome => 207872 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 23018 B
NetworkService => 0 B
defaultuser0 => 0 B
p4too => 268061296 B

RecycleBin => 0 B
EmptyTemp: => 340.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:45:34 ====
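An added post-fix verification example, not code from the thread, from FRST or from its author: run in an elevated PowerShell, it re-checks the locations the fixlist above targeted (Defender policy key, local Group Policy files, orphaned Browser Helper Objects, the leftover Chrome profile folder and the hosts file). The registry and file paths are standard Windows locations; the BHO check resolves each CLSID to its DLL the way the FRST "No File" entries imply.

```powershell
# Added verification example (not part of the forum thread or FRST). Run as administrator.
$findings = @()

# 1. Windows Defender policy key: FRST reported any value under it as a "Restriction".
$defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if (Test-Path $defPolicy) {
    $props = (Get-ItemProperty -Path $defPolicy).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }   # drop PSPath/PSParentPath etc.
    foreach ($p in $props) { $findings += "Defender policy value: $($p.Name) = $($p.Value)" }
}

# 2. Local Group Policy files that the fix moved away ("GroupPolicy: Restriction - Chrome").
foreach ($f in @("$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                 "$env:SystemRoot\System32\GroupPolicy\GPT.ini")) {
    if (Test-Path $f) { $findings += "Local GPO file present: $f" }
}

# 3. Browser Helper Objects whose COM server DLL is missing (FRST's "No Name -> No File").
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoRoot) {
    foreach ($k in Get-ChildItem -Path $bhoRoot) {
        $clsid = $k.PSChildName
        $srv   = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll   = $null
        if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv).'(default)' }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        if (-not $dll -or -not (Test-Path $dll)) {
            $findings += "Orphaned BHO: $clsid -> $(if ($dll) { $dll } else { 'No File' })"
        }
    }
}

# 4. The Chrome profile folder FRST flagged (path as in the log, for the current user).
$chrProfile = "$env:LOCALAPPDATA\Google\Chrome\User Data\ChromeDefaultData"
if (Test-Path $chrProfile) { $findings += "Chrome profile still present: $chrProfile" }

# 5. Hosts file: anything beyond comments and the localhost lines deserves a look.
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content -Path $hostsFile |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { $findings += "Hosts entry: $_" }

if ($findings.Count -eq 0) { 'No leftovers found at the checked locations.' } else { $findings }
```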

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus

#14 Post by Márty84 »

:!: Run all of these programs, including their installation where applicable, as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download it and run it
  • Leave only the Remove disinfection tools option ticked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install it, untick the box.
After starting it you will find yourself in the Cleaner function. On the left there are lots of checkboxes. Pay attention mainly to the Recycle Bin; if you leave it ticked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for websites!!! So if you have set the computer to remember your passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums etc.)
Click Analyze and once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix selected issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!
(If there are more user accounts on the PC, use the program in them as well.)

:arrow: Defragment the disk(s) (not SSD disks!)
Download the Defraggler program https://www.piriform.com/defraggler/download/standard
During installation again watch out for the toolbar and other nonsense.
After installing, start the program and click Analyze; after the analysis click Defrag and the little program will do its job.

:arrow: Then write back how the PC is doing.

p4to
Visitor
Posts: 94
Registered: 06 Aug 2011 15:56

Re: Virus

#15 Post by p4to »

Thanks for the help, it looks great now. It's just that every now and then the internet drops out for a moment (5-10 seconds).
But it did that before too and I don't know what causes it.