Please check my PC

Pan Proty
Visitor
Posts: 9
Registered: 19 Oct 2017 19:11

#1 Post by Pan Proty

Hello, please check my PC.

I am attaching the copied RSIT log and FRST log.

RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uzivatel at 2017-10-19 20:15:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 841 GB (88%) free of 954 GB
Total RAM: 8041 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:39, on 19.10.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Uzivatel\AppData\Local\background_fault\aswRD.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\trend micro\Uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [HP DeskJet 5570 series (NET)] "C:\Program Files\HP\HP DeskJet 5570 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5A81Q05N0674:NW" -scfn "HP DeskJet 5570 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\programdata\ab studio\ABUnInstallEx.exe
O4 - HKCU\..\Run: [background_fault] "C:\Users\Uzivatel\AppData\Local\background_fault\aswRD.exe" "C:\Users\Uzivatel\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11571 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-90114687-e612-495c-9720-c5edd114df56 -SystemEventPortName:HostProcess-5e89f795-2460-4f3c-81ed-2d8620890879 -IoCancelEventPortName:HostProcess-8d067712-be7c-4b93-8d76-fb90207c9b19 -NonStateChangingEventPortName:HostProcess-695bcb55-cd51-4491-9de1-eae70b275c10 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a97f418a-1a79-4ee3-8d34-5bff31decbe8 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\HP\HP DeskJet 5570 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5A81Q05N0674:NW" -scfn "HP DeskJet 5570 series (NET)" -AutoStart 1
AvastUI.exe /nogui
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Popcorn Time\Updater.exe"
"C:\Users\Uzivatel\AppData\Local\background_fault\aswRD.exe" "C:\Users\Uzivatel\AppData\Local\background_fault\bf.dll",background_fault_collector
C:\Windows\system32\valWBFPolicyService.exe
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
ctfmon.exe
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Public\Documents\Google\Chrome "--metrics-dir=C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data" --url=https://client2.google.com/cr/reports --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=61.0.3163.100 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fee93b1988,0x7fee93b1948,0x7fee93b1958
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3212 --on-initialized-event-handle=416 --parent-handle=432 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,19,20,22,23,24,27,29,49,70,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x1002 --gpu-device-id=0x0000 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=21.19.169.768 --gpu-driver-date=3-8-2017 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0156 --gpu-active-vendor-id=0x8086 --gpu-active-device-id=0x0156 --service-request-channel-token=56B5968096F46EA7E52E45A11C2C4CB0 --mojo-platform-channel-handle=1188 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=97D5E523CBA33ACC82F4534CCEBBEAD8 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=97D5E523CBA33ACC82F4534CCEBBEAD8 --renderer-client-id=4 --mojo-platform-channel-handle=2244 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=CEAFC16ABCE0A143EEEDCEE137D36081 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=CEAFC16ABCE0A143EEEDCEE137D36081 --renderer-client-id=5 --mojo-platform-channel-handle=2252 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=FAA7768E5EBC2957E1D6392647442F8D --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=FAA7768E5EBC2957E1D6392647442F8D --renderer-client-id=9 --mojo-platform-channel-handle=4516 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=EBDAD5BDD10248757D53795562D1838C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=EBDAD5BDD10248757D53795562D1838C --renderer-client-id=15 --mojo-platform-channel-handle=5792 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=4030C950D4C9C7F911C3AED7526AFF0C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=4030C950D4C9C7F911C3AED7526AFF0C --renderer-client-id=16 --mojo-platform-channel-handle=5200 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1172,6236042504455873350,952543235742997163,131072 --service-pipe-token=D1A6E93B9A446E7E582B41603B8E61CC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=D1A6E93B9A446E7E582B41603B8E61CC --renderer-client-id=19 --mojo-platform-channel-handle=3684 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\Uzivatel\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-05 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-05 820672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-11-07 1703424]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-06 415680]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-10-05 253344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP DeskJet 5570 series (NET)"=C:\Program Files\HP\HP DeskJet 5570 series\Bin\ScanToPCActivationApp.exe [2015-04-09 3558408]
"ABUNINSTALLEX"=c:\programdata\ab studio\ABUnInstallEx.exe [2011-11-21 258048]
"background_fault"=C:\Users\Uzivatel\AppData\Local\background_fault\aswRD.exe [2017-05-04 1419576]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20 9856176]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2014-05-16 336672]
""= []
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-12-20 291280]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2013-01-10 379904]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{38146DFA-FD9A-11E6-99A9-64006A5CFC23}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-10-19 20:15:15 ----D---- C:\rsit
2017-10-19 20:15:15 ----D---- C:\Program Files\trend micro
2017-10-15 10:13:32 ----D---- C:\ProgramData\SWCUTemp
2017-10-12 02:24:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-10-11 21:42:26 ----A---- C:\Windows\system32\mshtml.dll
2017-10-11 21:42:24 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-10-11 21:42:22 ----A---- C:\Windows\system32\ieframe.dll
2017-10-11 21:42:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-10-11 21:42:20 ----A---- C:\Windows\system32\jscript9.dll
2017-10-11 21:42:19 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-10-11 21:42:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-10-11 21:42:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-10-11 21:42:19 ----A---- C:\Windows\system32\wininet.dll
2017-10-11 21:42:19 ----A---- C:\Windows\system32\win32k.sys
2017-10-11 21:42:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-10-11 21:42:18 ----A---- C:\Windows\system32\urlmon.dll
2017-10-11 21:42:18 ----A---- C:\Windows\system32\tquery.dll
2017-10-11 21:42:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-10-11 21:42:18 ----A---- C:\Windows\system32\iertutil.dll
2017-10-11 21:42:17 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2017-10-11 21:42:17 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-10-11 21:42:17 ----A---- C:\Windows\system32\rdpcore.dll
2017-10-11 21:42:17 ----A---- C:\Windows\system32\Query.dll
2017-10-11 21:42:17 ----A---- C:\Windows\system32\mf.dll
2017-10-11 21:42:17 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-10-11 21:42:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-10-11 21:42:16 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-10-11 21:42:16 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-10-11 21:42:16 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-10-11 21:42:16 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-10-11 21:42:16 ----A---- C:\Windows\system32\msfeeds.dll
2017-10-11 21:42:16 ----A---- C:\Windows\system32\jscript.dll
2017-10-11 21:42:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-10-11 21:42:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-10-11 21:42:15 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2017-10-11 21:42:15 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-10-11 21:42:15 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-10-11 21:42:15 ----A---- C:\Windows\system32\msctf.dll
2017-10-11 21:42:15 ----A---- C:\Windows\system32\drivers\srv.sys
2017-10-11 21:42:15 ----A---- C:\Windows\system32\drivers\nwifi.sys
2017-10-11 21:42:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-10-11 21:42:14 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2017-10-11 21:42:14 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-10-11 21:42:14 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-10-11 21:42:14 ----A---- C:\Windows\system32\wlansec.dll
2017-10-11 21:42:14 ----A---- C:\Windows\system32\t2embed.dll
2017-10-11 21:42:14 ----A---- C:\Windows\system32\mfps.dll
2017-10-11 21:42:14 ----A---- C:\Windows\system32\iedkcs32.dll
2017-10-11 21:42:14 ----A---- C:\Windows\system32\gdi32.dll
2017-10-11 21:42:13 ----A---- C:\Windows\SYSWOW64\wlansec.dll
2017-10-11 21:42:13 ----A---- C:\Windows\SYSWOW64\wlanmsm.dll
2017-10-11 21:42:13 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-10-11 21:42:13 ----A---- C:\Windows\SYSWOW64\themeui.dll
2017-10-11 21:42:13 ----A---- C:\Windows\SYSWOW64\mswstr10.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\wlansvc.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\wlanmsm.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\wlanhlp.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\wlanapi.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\themeui.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\ntdll.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 21:42:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-10-11 21:42:13 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2017-10-11 21:42:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-10-11 21:42:13 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-10-11 21:42:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\wlanhlp.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\wlanapi.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\msjint40.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-10-11 21:42:12 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\wow64win.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\winsrv.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\webcheck.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\vbscript.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\smss.exe
2017-10-11 21:42:12 ----A---- C:\Windows\system32\schannel.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\rrinstaller.exe
2017-10-11 21:42:12 ----A---- C:\Windows\system32\rpcrt4.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\occache.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mssvp.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mssrch.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mssph.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\msrating.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mshtmled.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\mfpmp.exe
2017-10-11 21:42:12 ----A---- C:\Windows\system32\lsasrv.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\kernel32.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\kerberos.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\jscript9diag.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\ieui.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\ieapfltr.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\dxtrans.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\dxtmsft.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-10-11 21:42:12 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-10-11 21:42:12 ----A---- C:\Windows\system32\certcli.dll
2017-10-11 21:42:12 ----A---- C:\Windows\system32\advapi32.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-11 21:42:11 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-10-11 21:42:11 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\wow64cpu.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\wow64.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\wdigest.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\TSpkg.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\sspisrv.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\sspicli.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\srcore.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\srclient.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\secur32.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\rstrui.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\rpchttp.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ntvdm64.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ncrypt.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\msv1_0.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\mssprxy.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\mssphtb.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\mssitlb.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\msshooks.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\msscntrs.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\lsass.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\KernelBase.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\jsproxy.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\inseng.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ieUnatt.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\iesetup.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\iernonce.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\ie4uinit.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\icaapi.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-10-11 21:42:11 ----A---- C:\Windows\system32\drivers\appid.sys
2017-10-11 21:42:11 ----A---- C:\Windows\system32\csrsrv.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\cryptbase.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\credssp.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\conhost.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\bcrypt.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\auditpol.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\appidsvc.dll
2017-10-11 21:42:11 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 21:42:11 ----A---- C:\Windows\system32\appidapi.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-11 21:42:10 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\user.exe
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-10-11 21:42:10 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-10-11 21:42:10 ----A---- C:\Windows\system32\msobjs.dll
2017-10-11 21:42:10 ----A---- C:\Windows\system32\msaudite.dll
2017-10-11 21:42:10 ----A---- C:\Windows\system32\mferror.dll
2017-10-11 21:42:10 ----A---- C:\Windows\system32\apisetschema.dll
2017-10-11 21:42:10 ----A---- C:\Windows\system32\adtschema.dll
2017-10-11 21:42:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 14:47:45 ----D---- C:\Program Files\CCleaner
2017-10-05 21:31:01 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 month======

2017-10-19 20:15:26 ----D---- C:\Windows\Prefetch
2017-10-19 20:15:21 ----D---- C:\Windows\Temp
2017-10-19 20:15:15 ----RD---- C:\Program Files
2017-10-19 19:58:07 ----D---- C:\Windows\system32\config
2017-10-19 19:57:15 ----A---- C:\Windows\SYSWOW64\log.txt
2017-10-19 19:54:53 ----A---- C:\Windows\SYSWOW64\bscs.ini
2017-10-19 19:54:17 ----D---- C:\ProgramData\Synaptics
2017-10-16 09:34:07 ----D---- C:\Windows\SysWOW64
2017-10-16 09:34:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-10-16 09:34:04 ----D---- C:\Windows\system32\Macromed
2017-10-16 09:34:03 ----D---- C:\Windows\SYSWOW64\Macromed
2017-10-15 22:36:11 ----D---- C:\Windows\rescache
2017-10-15 12:29:44 ----D---- C:\Windows\Minidump
2017-10-15 12:29:38 ----D---- C:\Windows
2017-10-15 10:13:44 ----SD---- C:\Users\Uzivatel\AppData\Roaming\Microsoft
2017-10-15 10:13:32 ----HD---- C:\ProgramData
2017-10-15 02:41:47 ----D---- C:\Windows\Microsoft.NET
2017-10-13 00:48:57 ----D---- C:\Windows\inf
2017-10-13 00:47:29 ----D---- C:\Windows\debug
2017-10-12 23:51:55 ----RSD---- C:\Windows\assembly
2017-10-12 23:35:36 ----D---- C:\Windows\system32\MRT
2017-10-12 02:39:21 ----D---- C:\Windows\System32
2017-10-12 02:39:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-10-12 02:33:41 ----D---- C:\Windows\winsxs
2017-10-12 02:31:45 ----SHD---- C:\Config.Msi
2017-10-12 02:31:45 ----D---- C:\Windows\system32\drivers\UMDF
2017-10-12 02:31:45 ----D---- C:\Windows\system32\drivers
2017-10-12 02:29:53 ----D---- C:\Windows\SYSWOW64\migration
2017-10-12 02:29:53 ----D---- C:\Windows\SYSWOW64\en-US
2017-10-12 02:29:53 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-10-12 02:29:53 ----D---- C:\Program Files\Internet Explorer
2017-10-12 02:29:53 ----D---- C:\Program Files (x86)\Internet Explorer
2017-10-12 02:29:51 ----D---- C:\Windows\system32\migration
2017-10-12 02:29:51 ----D---- C:\Windows\system32\cs-CZ
2017-10-12 02:29:50 ----D---- C:\Windows\system32\en-US
2017-10-12 02:29:49 ----D---- C:\Windows\AppPatch
2017-10-12 02:29:48 ----D---- C:\Windows\system32\Boot
2017-10-12 02:24:04 ----AC---- C:\Windows\system32\MRT.exe
2017-10-12 02:23:55 ----SHD---- C:\Windows\Installer
2017-10-12 02:21:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-10-12 02:19:38 ----D---- C:\Windows\system32\DriverStore
2017-10-12 02:19:02 ----D---- C:\Windows\system32\WinBioPlugIns
2017-10-12 02:18:53 ----SHD---- C:\System Volume Information
2017-10-12 00:32:02 ----D---- C:\ProgramData\Microsoft Help
2017-10-11 21:38:10 ----D---- C:\Windows\system32\catroot2
2017-10-10 14:47:47 ----D---- C:\Windows\system32\Tasks
2017-10-05 21:30:57 ----D---- C:\ProgramData\AVAST Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2017-03-22 86936]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-10-05 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-10-05 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-10-05 57736]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-10-05 84416]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-10-05 363440]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 20024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-10-05 321032]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-09-09 41832]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-10-05 110376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-10-05 1020536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-10-05 587168]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-10-05 147776]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-10-05 201352]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2017-03-22 26575368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2017-03-22 529304]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-03-09 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-03-09 47672]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2013-11-19 26936]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-08-05 3802600]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2016-08-05 463112]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 358456]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 791608]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-12 62784]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2014-12-31 2486416]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-09 692832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-06-18 872152]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-11-07 551936]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2017-08-19 639584]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys []
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [2017-09-10 105136]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-10-05 47008]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-12-05 49632]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-07-19 83032]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2017-03-22 297880]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-10-05 281416]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2013-01-31 1626872]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-05-16 683296]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2017-09-27 323952]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-08-05 319096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-10-22 166432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-10-22 278560]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-11-07 340480]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-08-19 255584]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-22 365600]
R2 Update service;Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [2016-08-26 339968]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service; C:\Windows\system32\valWBFPolicyService.exe [2017-05-22 82912]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-10-05 7446024]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2013-01-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
S2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-02-09 18720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-09 153752]
S3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2012-09-18 515072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16 272384]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-08-05 280696]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2017-03-09 1432400]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-09 153752]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-09-07 116224]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#2 Post by Roli »

Zdravím,

stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Pak použij Mbam z mého podpisu a dej mi sem z něj log po smazání nepořádku.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:

Re: Please check my PC

#3 Post by Pan Proty »

Log after running AdwCleaner:


# AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 22 20:38:21 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: Update service


***** [ Folders ] *****

Deleted: C:\Users\Uzivatel\AppData\Local\SNAREA
Deleted: C:\Users\Uzivatel\AppData\Local\snare
Deleted: C:\Users\Uzivatel\AppData\Local\Dayglad
Deleted: C:\Users\Uzivatel\AppData\Local\Zoohair
Deleted: C:\Users\Uzivatel\AppData\Local\Bookness
Deleted: C:\Users\Uzivatel\AppData\Roaming\\Firefox
Deleted: C:\Users\Uzivatel\AppData\Roaming\WinSAPSvc
Deleted: C:\Users\Uzivatel\AppData\Local\SNAREA


***** [ Files ] *****

Deleted: C:\Users\Public\Documents\\report.dat
Deleted: C:\Users\Public\Documents\\temp.dat
Deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
Deleted: C:\Windows\Reimage.ini


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Windows-PG
Deleted: HP AR Program Upload - f6f7cf6322094c69a56dccb6da42f6a7483e97cdad81448a8667dc5d2db8d744


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE
Deleted: [Key] - HKLM\SOFTWARE\Dayglad
Deleted: [Key] - HKU\S-1-5-21-4037108425-281480442-3943756395-1000\Software\Dayglad
Deleted: [Key] - HKCU\Software\Dayglad
Deleted: [Key] - HKLM\SOFTWARE\Zoohair
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A12E1B08-6B1D-4336-BCDE-AE8733449F65}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{19D4F8B5-8990-424B-8822-20958575865A}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4248C4DE-A24A-4EB1-B62F-539BA00595DE}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{D1B9582B-7027-45B1-83F7-2674F22B2863}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted: [Key] - HKLM\SOFTWARE\youndooSoftware
Deleted: [Key] - HKLM\SOFTWARE\ompndb
Deleted: [Key] - HKU\.DEFAULT\Software\ompndb
Deleted: [Key] - HKU\S-1-5-18\Software\ompndb
Deleted: [Key] - HKLM\SOFTWARE\ecb`nl
Deleted: [Key] - HKU\.DEFAULT\Software\ecb`nl
Deleted: [Key] - HKU\S-1-5-18\Software\ecb`nl
Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance
Deleted: [Key] - HKLM\SOFTWARE\msServer
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNAREA
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-4037108425-281480442-3943756395-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-4037108425-281480442-3943756395-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKU\S-1-5-21-4037108425-281480442-3943756395-1000\Software\Reimage
Deleted: [Key] - HKCU\Software\Reimage
Deleted: [Key] - HKLM\SOFTWARE\Zoohair
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5765 B] - [2017/10/22 20:36:28]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: Please check my PC

#4 Post by Pan Proty »

I'll send the mbam log as soon as I'm home; I started a scan yesterday, but unfortunately I had to shut down the PC before it finished.

Re: Please check my PC

#5 Post by Roli »

Pan Proty wrote: I'll send the mbam log as soon as I'm home; I started a scan yesterday, but unfortunately I had to shut down the PC before it finished.
OK :)

Re: Please check my PC

#6 Post by Pan Proty »

I'm attaching the MBAM log.
Attachments
MBAM log.rar
MBAM log
(9.43 KiB) Downloaded 102 times

Re: Please check my PC

#7 Post by Roli »

Run Mbam again and let it delete everything it found.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms will then appear; confirm it by clicking YES,

then click YES once more and it starts running.

The whole run takes about 10 minutes but can take longer; do not try to launch anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete infected files and these programs can block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt, etc.); copy its contents here.


If anything is unclear, an illustrated guide is HERE.

Re: Please check my PC

#8 Post by Pan Proty »

Hello, I used ComboFix according to the instructions..

I turned off the Avast shields, turned off the firewall, paused MBAM protection and ran ComboFix; after the restart I came back to the PC and none of the programs on it worked. On every attempt a window appeared with the message: Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění. ("Illegal operation attempted on a registry key that has been marked for deletion.")

I couldn't even open the txt with the ComboFix log; again the same window with the same message.

I then restarted the PC again and everything ran as before, antivirus programs active again, etc.

I'm attaching the contents of the ComboFix log:

ComboFix 17-10-17.01 - Uzivatel 26.10.2017 12:08:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8041.5711 [GMT 2:00]
Spuštěný z: C:\Users\Uzivatel\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Re: Please check my PC

#9 Post by Roli »

If that is everything that was in the log, a lot is missing.

Try running ComboFix in Safe Mode; if it still doesn't work, post a current Rsit log here.

Re: Please check my PC

#10 Post by Pan Proty »

I'm attaching the contents of the latest log from ComboFix run in Safe Mode:


ComboFix 17-10-17.01 - Uzivatel 27.10.2017 0:18.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8041.6423 [GMT 2:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-26 do 2017-10-26 )))))))))))))))))))))))))))))))
.
.
2017-10-26 22:22 . 2017-10-26 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-22 20:45 . 2017-10-26 22:13 45504 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-10-22 20:45 . 2017-10-26 22:13 252232 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-10-22 20:45 . 2017-10-04 11:15 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-10-22 20:45 . 2017-10-22 20:45 -------- d-----w- c:\programdata\Malwarebytes
2017-10-22 20:45 . 2017-10-22 20:45 -------- d-----w- c:\program files\Malwarebytes
2017-10-22 20:35 . 2017-10-22 20:38 -------- d-----w- C:\AdwCleaner
2017-10-22 20:28 . 2017-10-22 20:30 -------- d-----w- C:\FRST
2017-10-22 19:07 . 2017-10-22 19:09 -------- d-----r- c:\users\Uzivatel\Viry
2017-10-22 19:02 . 2017-10-22 19:05 -------- d-----w- c:\users\Uzivatel\CV
2017-10-22 13:29 . 2017-10-22 14:50 -------- d-----w- c:\users\Uzivatel\zaloha HDD
2017-10-19 18:15 . 2017-10-19 18:15 -------- d-----w- C:\rsit
2017-10-19 18:15 . 2017-10-19 18:15 -------- d-----w- c:\program files\trend micro
2017-10-12 00:24 . 2017-10-12 00:24 126925120 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-10-10 12:47 . 2017-10-26 11:26 -------- d-----w- c:\program files\CCleaner
2017-10-05 19:31 . 2017-10-05 19:30 401488 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-26 22:14 . 2017-03-08 07:55 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-10-26 20:52 . 2017-03-11 19:30 1029872 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2017-10-25 13:34 . 2017-03-08 08:18 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-10-25 13:34 . 2017-03-08 08:18 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-10-12 00:24 . 2017-03-08 10:18 126925120 -c--a-w- c:\windows\system32\MRT.exe
2017-10-05 19:30 . 2017-03-11 19:30 363440 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-10-05 19:30 . 2017-03-11 19:30 201352 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-10-05 19:30 . 2017-03-11 19:30 587168 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-10-05 19:30 . 2017-03-11 19:30 84416 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-10-05 19:30 . 2017-03-11 19:30 47008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-10-05 19:30 . 2017-03-11 19:30 147776 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-10-05 19:30 . 2017-03-11 19:30 110376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-10-05 19:30 . 2017-03-11 19:30 57736 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-10-05 19:30 . 2017-03-11 19:30 343288 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-10-05 19:30 . 2017-03-11 19:30 198976 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-10-05 19:30 . 2017-03-11 19:30 321032 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-09-13 15:28 . 2017-10-11 19:42 345600 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:28 . 2017-10-11 19:42 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-09-13 15:09 . 2017-10-11 19:42 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-09-13 15:09 . 2017-10-11 19:42 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-09-13 15:08 . 2017-10-11 19:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-09-10 17:12 . 2017-09-10 19:17 105136 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-09-09 19:01 . 2017-03-11 19:32 41832 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-08-30 11:23 . 2017-08-30 11:23 993632 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-08-30 11:23 . 2017-08-30 11:23 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-08-30 11:23 . 2017-08-30 11:23 690008 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2017-08-30 11:23 . 2017-08-30 11:23 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2017-08-19 15:28 . 2017-09-12 20:07 197120 ----a-w- c:\windows\system32\shdocvw.dll
2017-08-19 00:01 . 2017-08-19 00:01 1804688 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2017-08-19 00:01 . 2017-08-19 00:01 290400 ----a-w- c:\windows\system32\SynTPCo35-02.dll
2017-08-19 00:01 . 2017-08-19 00:01 277600 ----a-w- c:\windows\system32\SynTPAPI.dll
2017-08-19 00:01 . 2017-08-19 00:01 639584 ----a-w- c:\windows\system32\drivers\SynTP.sys
2017-08-19 00:01 . 2017-08-19 00:01 66144 ----a-w- c:\windows\system32\drivers\SynRMIHID_Aux.sys
2017-08-19 00:00 . 2017-08-19 00:00 429144 ----a-w- c:\windows\SysWow64\SynCom.dll
2017-08-19 00:00 . 2017-08-19 00:00 778848 ----a-w- c:\windows\system32\SynCOM.dll
2017-08-19 00:00 . 2017-08-19 00:00 51288 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel_Aux.sys
2017-08-19 00:00 . 2017-08-19 00:00 50784 ----a-w- c:\windows\system32\drivers\Smb_driver_AMDASF_Aux.sys
2017-08-18 16:42 . 2017-08-18 16:42 92 ----a-w- c:\windows\system32\calibration.bin
2017-08-18 16:42 . 2017-08-18 16:42 231456 ----a-w- c:\windows\system32\pca-manta.bin
2017-08-16 15:29 . 2017-09-12 20:07 806912 ----a-w- c:\windows\system32\usp10.dll
2017-08-16 15:10 . 2017-09-12 20:07 629760 ----a-w- c:\windows\SysWow64\usp10.dll
2017-08-15 15:29 . 2017-09-12 20:07 14182400 ----a-w- c:\windows\system32\shell32.dll
2017-08-15 15:29 . 2017-09-12 20:07 1867264 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-15 15:10 . 2017-09-12 20:07 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2017-08-14 17:35 . 2017-09-12 20:07 2150912 ----a-w- c:\windows\SysWow64\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-12 20:07 303104 ----a-w- c:\windows\SysWow64\mmcbase.dll
2017-08-14 17:35 . 2017-09-12 20:07 128512 ----a-w- c:\windows\SysWow64\mmcshext.dll
2017-08-14 17:35 . 2017-09-12 20:07 172544 ----a-w- c:\windows\SysWow64\cic.dll
2017-08-14 17:35 . 2017-09-12 20:07 3203584 ----a-w- c:\windows\system32\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-12 20:07 355328 ----a-w- c:\windows\system32\mmcbase.dll
2017-08-14 17:35 . 2017-09-12 20:07 131072 ----a-w- c:\windows\system32\mmcshext.dll
2017-08-14 17:34 . 2017-09-12 20:07 211968 ----a-w- c:\windows\system32\cic.dll
2017-08-13 21:37 . 2017-09-12 20:07 2144256 ----a-w- c:\windows\system32\mmc.exe
2017-08-13 21:30 . 2017-09-12 20:07 1401344 ----a-w- c:\windows\SysWow64\mmc.exe
2017-08-11 06:35 . 2017-09-12 20:07 757248 ----a-w- c:\windows\system32\win32spl.dll
2017-08-11 06:35 . 2017-09-12 20:07 313856 ----a-w- c:\windows\system32\Wldap32.dll
2017-08-11 06:35 . 2017-09-12 20:07 25600 ----a-w- c:\windows\system32\winnsi.dll
2017-08-11 06:35 . 2017-09-12 20:07 512000 ----a-w- c:\windows\system32\rpcss.dll
2017-08-11 06:35 . 2017-09-12 20:07 346112 ----a-w- c:\windows\system32\ntprint.dll
2017-08-11 06:35 . 2017-09-12 20:07 26112 ----a-w- c:\windows\system32\nsisvc.dll
2017-08-11 06:35 . 2017-09-12 20:07 13312 ----a-w- c:\windows\system32\nsi.dll
2017-08-11 06:35 . 2017-09-12 20:07 2065408 ----a-w- c:\windows\system32\ole32.dll
2017-08-11 06:35 . 2017-09-12 20:07 26112 ----a-w- c:\windows\system32\oleres.dll
2017-08-11 06:34 . 2017-09-12 20:07 971776 ----a-w- c:\windows\system32\localspl.dll
2017-08-11 06:34 . 2017-09-12 20:07 166400 ----a-w- c:\windows\system32\inetpp.dll
2017-08-11 06:34 . 2017-09-12 20:07 22528 ----a-w- c:\windows\system32\inetppui.dll
2017-08-11 06:34 . 2017-09-12 20:07 8704 ----a-w- c:\windows\system32\comcat.dll
2017-08-11 06:20 . 2017-09-12 20:07 48640 ----a-w- c:\windows\system32\wpnpinst.exe
2017-08-11 06:20 . 2017-09-12 20:07 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-08-11 06:19 . 2017-09-12 20:07 497664 ----a-w- c:\windows\SysWow64\win32spl.dll
2017-08-11 06:19 . 2017-09-12 20:07 271360 ----a-w- c:\windows\SysWow64\Wldap32.dll
2017-08-11 06:19 . 2017-09-12 20:07 16384 ----a-w- c:\windows\SysWow64\winnsi.dll
2017-08-11 06:19 . 2017-09-12 20:07 299008 ----a-w- c:\windows\SysWow64\ntprint.dll
2017-08-11 06:19 . 2017-09-12 20:07 8704 ----a-w- c:\windows\SysWow64\nsi.dll
2017-08-11 06:19 . 2017-09-12 20:07 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
2017-08-11 06:19 . 2017-09-12 20:07 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2017-08-11 06:12 . 2017-09-12 20:07 25088 ----a-w- c:\windows\system32\netbtugc.exe
2017-08-11 06:09 . 2017-09-12 20:07 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
2017-08-11 06:03 . 2017-09-12 20:07 26624 ----a-w- c:\windows\SysWow64\netbtugc.exe
2017-08-11 06:01 . 2017-09-12 20:07 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2017-08-11 06:00 . 2017-09-12 20:07 262656 ----a-w- c:\windows\system32\drivers\netbt.sys
2017-08-11 05:58 . 2017-09-12 20:07 26112 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2017-07-29 14:56 . 2017-08-08 21:05 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP DeskJet 5570 series (NET)"="c:\program files\HP\HP DeskJet 5570 series\Bin\ScanToPCActivationApp.exe" [2015-04-09 3558408]
"ABUNINSTALLEX"="c:\programdata\ab studio\ABUnInstallEx.exe" [2011-11-21 258048]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-10-18 10021040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-05-16 336672]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-20 291280]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-01-10 379904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
R0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
R0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
R0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
R0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 SynTPEnhService;SynTPEnh Caller Service;c:\program files\Synaptics\SynTP\SynTPEnhService.exe;c:\program files\Synaptics\SynTP\SynTPEnhService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
R3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
IISGroup REG_MULTI_SZ IISvr
wxapps REG_MULTI_SZ WinInstallSvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-10-05 19:30 1789648 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-10-05 19:30 1789648 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-11-06 1703424]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-10-05 253344]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1 10.0.0.10
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-10-27 00:25:06
ComboFix-quarantined-files.txt 2017-10-26 22:25
ComboFix2.txt 2017-10-26 22:01
ComboFix3.txt 2017-10-26 21:44
.
Před spuštěním: Volných bajtů: 421 983 461 376
Po spuštění: Volných bajtů: 421 584 048 128
.
- - End Of File - - D5AF34D0B36505476EC0FBFB85471E96
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my PC

#11 Post by Roli »

Via Start >> Run, copy this into the window:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Then let me know how the PC is behaving.

Re: Please check my PC

#12 Post by Pan Proty »

Uninstalled, and everything is as before.

Re: Please check my PC

#13 Post by Roli »

Pan Proty wrote: Uninstalled, and everything is as before.
Meaning what?

Re: Please check my PC

#14 Post by Pan Proty »

Well, it booted normally, no problems; it just crashes occasionally and a blue screen of death appears.. An acquaintance who cleaned it for me said I have a bad graphics card, and it really does mostly happen when I'm using some CAD software or watching a film on a large screen, so I don't pay attention to it.. it simply runs as usual..

Some time ago, though, while installing what I think was Daemon Tools or Flash Player, I downloaded some malware and adware, and it infected my Google Chrome so that the problems also reached the PC at work, where I was signed in to Chrome as well. For quite a while now I haven't had problems with the PC, but I haven't cleaned it in any way either; I only scanned the PC with an antivirus (Avast) and cleaned it with CCleaner.. until a few days ago I came across your site, and since I've bought a new notebook, I'm having you check the current one. Partly so that I can be sure no malware gets into the new one, and so that the future user of the old notebook doesn't have problems. Is it possible for malware and other malicious programs to spread this way? Even to a mobile phone, for instance? I'd like to be sure that everything will run as it should on the new notebook..

I'm a complete beginner and know nothing about this subject, so please excuse my curiosity :o :)

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my PC

#15 Post by Roli »

Unless you plug a flash drive, external HDD, memory card, ... into an infected PC, notebook, tablet, .., the virus cannot be transferred. If the browser is compromised, the virus cannot be transferred by signing in on another PC; only settings, bookmarks, history, ..... are synchronized. As for the mobile phone, with normal use the likelihood of it getting infected is very small; in the X years I've occasionally been trying, I still haven't managed it.

If anything else interests you, feel free to ask.

As for the blue screen of death, it is almost always possible to find out what caused it.

Download and install Debugging Tools For Windows.

Via Start >> All Programs, find the program named WinDbg in the Debugging Tools for Windows folder and run it.

On Windows 7 and later, run WinDbg as administrator (you will be accessing the Windows directory).

The first thing you need to set is the symbol path. Click File -> Symbol File Path and set it to http://msdl.microsoft.com/download/symbols

Now you can start analyzing the BSOD.

Click File -> Open Crash Dump and find the folder C:\Windows\Minidump.

The Minidump folder contains files named Minixxxxxx-xx.dmp (xxxxxx-xx is the date and sequence number).

If the folder is empty, you have not had any BSOD yet, or you deleted them.

Once you open the file, the symbols start loading, and after a moment you can enter commands on the command line, where you just type !analyze -v

or click the command with the mouse.

The most important parameters that may interest you are:

PROCESS_NAME (the name of the process that caused the error),

IMAGE_NAME

MODULE_NAME

(copy these three values here for me, or just enter them into Google and the solution is right at hand)
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
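
Added example, not part of Roli's post: a Python sketch that pulls the three fields named above out of saved `!analyze -v` output for several minidumps and counts which image keeps recurring. The sample text, the driver and process names, and the function names are constructed; treating `Unknown_` values as "not attributed" is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): trimmed `!analyze -v` output for
# three minidumps, concatenated as in a saved WinDbg log. Names are made up.
SAMPLE = r"""
Loading Dump File [C:\Windows\Minidump\101517-20000-01.dmp]
PROCESS_NAME:  System
IMAGE_NAME:  exampledrv.sys
MODULE_NAME: exampledrv

Loading Dump File [C:\Windows\Minidump\102017-21000-01.dmp]
PROCESS_NAME:  cadapp.exe
IMAGE_NAME:  exampledrv.sys
MODULE_NAME: exampledrv

Loading Dump File [C:\Windows\Minidump\102517-19000-01.dmp]
PROCESS_NAME:  System
IMAGE_NAME:  Unknown_Image
MODULE_NAME: Unknown_Module
"""

FIELDS = ("PROCESS_NAME", "IMAGE_NAME", "MODULE_NAME")
DUMP_RE = re.compile(r"^Loading Dump File \[(.+?)\]\s*$", re.M)
# Value must sit on the same line as the key; tolerate CRLF line endings.
FIELD_RE = re.compile(r"^(%s):[ \t]*(\S.*?)[ \t\r]*$" % "|".join(FIELDS), re.M)

def parse_analyses(text):
    """Return one dict per dump: its path plus the three fields (None if absent)."""
    records = []
    starts = list(DUMP_RE.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        rec = {"dump": m.group(1), **dict.fromkeys(FIELDS)}
        for f in FIELD_RE.finditer(text, m.end(), end):
            if rec[f.group(1)] is None:      # keep the first occurrence only
                rec[f.group(1)] = f.group(2)
        records.append(rec)
    return records

def recurring_images(records):
    """Count crashes per IMAGE_NAME, skipping dumps with no attributed image."""
    return Counter(r["IMAGE_NAME"] for r in records
                   if r["IMAGE_NAME"] and not r["IMAGE_NAME"].startswith("Unknown_"))

if __name__ == "__main__":
    recs = parse_analyses(SAMPLE)
    for r in recs:
        print(r)
    print(recurring_images(recs).most_common())
```

An image that repeats across dumps taken under different processes is the value worth posting or searching for first.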