Problem with Firefox

hijack
Visitor
Posts: 15
Registered: 23 Dec 2017 23:18

Problem with Firefox

#1 Post by hijack »

I probably have malware in Firefox. Instead of Google search, Yahoo! Engine Search is displayed. Deleting Yahoo and changing it back to Google does not help. After restarting FF, Yahoo is set again. Avast reports nothing; I have run MB3, mwav Wiper Soft and Zemana.Anti.Malware. If any of the programs found problematic files, it deleted or repaired them. But the problem still remains the same.

PS: I am unable to copy-paste the RSIT log here; the message cannot be sent because the character limit is exceeded (I have 12 thousand and apparently only 10 thousand are allowed). When I try to attach log.txt as a file, it prints in red "Příloha není povolena". How is the log file supposed to be posted here correctly?

At least I will add the URL of my log here. Thanks for the help.

http://www.stud.fit.vutbr.cz/~xmisov00/log.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with Firefox

#2 Post by Márty84 »

Hello :)

Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait until the check finishes.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

Run a scan with MBAM. Set up the test according to this guide (i.e. Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.

If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Re: Problem with Firefox

#3 Post by hijack »

# AdwCleaner 7.0.6.0 - Logfile created on Sun Dec 24 19:27:06 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-23-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WiperSoft, C:\Program Files\WiperSoft
PUP.Optional.WebCompanion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4080920950-73230-1665257507-1000\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Re: Problem with Firefox

#4 Post by hijack »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 24.12.17
Čas skenování: 20:42
Logovací soubor: 878d884e-e8e2-11e7-a534-7085c2463263.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3557
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: User-PC\User

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 229944
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 0 min, 31 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Problem with Firefox

#5 Post by hijack »

Nothing found, the problem with Yahoo Search persists. Where in Malwarebytes can I set it to scan for rootkits as well?

Re: Problem with Firefox

#6 Post by Márty84 »

The AdwCleaner log is only from the scan; did you also let it remove the findings?

In MBAM you ran only a Threat Scan; I wanted a Custom scan, where there is also the option to select all drives and the rootkits too.
If the scan comes back without findings, you will post the FRST logs and we will take it out by force manually.

Re: Problem with Firefox

#7 Post by hijack »

Márty84 wrote: The AdwCleaner log is only from the scan; did you also let it remove the findings?
After I pressed Scan, AdwCleaner wrote: "No unwanted element found." After I pressed Clean it did something and then restarted the computer.

After the restart it output this log:

# AdwCleaner 7.0.6.0 - Logfile created on Tue Dec 26 11:40:46 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1516 B] - [2017/12/24 19:28:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [1414 B] - [2017/12/24 19:27:6]
C:/AdwCleaner/AdwCleaner[S1].txt - [1088 B] - [2017/12/26 11:39:53]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########



This was in the file AdwCleaner[S1].txt:


# AdwCleaner 7.0.6.0 - Logfile created on Tue Dec 26 11:39:53 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-26-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1516 B] - [2017/12/24 19:28:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [1414 B] - [2017/12/24 19:27:6]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Re: Problem with Firefox

#8 Post by hijack »

Márty84 wrote: In MBAM you ran only a Threat Scan; I wanted a Custom scan, where there is also the option to select all drives and the rootkits too.
If the scan comes back without findings, you will post the FRST logs and we will take it out by force manually.
Here is the "Custom scan" including rootkits:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 26.12.17
Čas skenování: 12:57
Logovací soubor: ef9fbbb3-ea33-11e7-94d6-7085c2463263.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3563
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: User-PC\User

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 200570
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 38 min, 17 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Problem with Firefox

#9 Post by hijack »

Márty84 wrote: If the scan comes back without findings, you will post the FRST logs and we will take it out by force manually.
I have 64-bit Win7; I managed to download the FRST64 file, and now I am trying to download FRSTLauncher from the address

http://viry.xf.cz/pro_usery/FRSTLauncher.exe

Google shows me a warning about an infected page; I allow the FRSTLauncher file to be saved to the desktop, then I start the Launcher with the right mouse button and it gives me the error message: "C:\Users\User\Desktop\FRSTLauncher.exe není platná aplikace typu Win32."
Attachments
operacni_system.PNG (14.89 KiB)

Re: Problem with Firefox

#10 Post by hijack »

Here is that error message.
Attachments
chybova_hlaska.PNG (39.48 KiB)

Re: Problem with Firefox

#11 Post by Márty84 »

Then post the logs from FRST alone, without the Launcher.

Re: Problem with Firefox

#12 Post by hijack »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by User (administrator) on USER-PC (26-12-2017 14:37:20)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16697352 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-03-29] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-18] (Intel Corporation)
HKU\S-1-5-21-4080920950-73230-1665257507-1000\...\MountPoints2: {ba3b02c7-c85e-11e7-8188-806e6f6e6963} - D:\ASRSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-11-13]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4780111E-B569-4E62-B478-7E5CC5D1DCAC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4080920950-73230-1665257507-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =

FireFox:
========
FF DefaultProfile: 3q1ljzos.default-1514060110626
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3q1ljzos.default-1514060110626 [2017-12-26]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-23] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (Prezentace) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-23]
CHR Extension: (Dokumenty) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-23]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-23]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-23]
CHR Extension: (Tabulky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-23]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-08-18] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-03-29] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-08-18] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-07-26] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [41472 2017-03-29] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-26] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [485512 2017-12-23] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-23] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 14:37 - 2017-12-26 14:37 - 000010081 _____ C:\Users\User\Desktop\FRST.txt
2017-12-26 14:36 - 2017-12-26 14:37 - 000000000 ____D C:\FRST
2017-12-26 13:57 - 2017-12-26 14:07 - 000000000 _____ C:\Users\User\Desktop\FRSTLauncher.exe
2017-12-26 13:43 - 2017-12-26 14:07 - 002392064 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-12-26 13:36 - 2017-12-26 13:36 - 000001669 _____ C:\Users\User\Desktop\malwarebytes.txt
2017-12-26 12:55 - 2017-12-26 12:55 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-26 12:54 - 2017-12-26 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-26 12:54 - 2017-12-26 12:54 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-24 20:36 - 2017-12-26 12:54 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-24 20:36 - 2017-12-26 12:54 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-24 20:36 - 2017-12-26 12:54 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-24 20:36 - 2017-12-26 12:54 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-24 20:36 - 2017-12-26 12:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-24 20:36 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-24 20:35 - 2017-12-26 12:54 - 083316440 _____ (Malwarebytes ) C:\Users\User\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-24 20:26 - 2017-12-26 12:40 - 000000000 ____D C:\AdwCleaner
2017-12-24 20:23 - 2017-12-26 12:33 - 008198432 _____ (Malwarebytes) C:\Users\User\Desktop\adwcleaner_7.0.6.0.exe
2017-12-23 23:11 - 2017-12-23 23:11 - 000000000 ____D C:\rsit
2017-12-23 23:11 - 2017-12-23 23:11 - 000000000 ____D C:\Program Files\trend micro
2017-12-23 23:04 - 2017-12-26 14:37 - 000056188 _____ C:\Windows\ZAM.krnl.trace
2017-12-23 23:04 - 2017-12-26 14:37 - 000029306 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-23 23:00 - 2017-12-23 23:00 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-23 22:48 - 2017-12-23 22:48 - 000027888 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2017-12-23 22:48 - 2017-12-23 22:48 - 000000000 ____D C:\Users\User\AppData\Local\CrashRpt
2017-12-23 22:11 - 2017-12-23 22:40 - 000000056 _____ C:\Windows\Lic.xxx
2017-12-23 22:10 - 2017-12-23 22:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000485512 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-12-23 22:10 - 2017-12-23 22:10 - 000156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2017-12-23 22:10 - 2017-12-23 22:10 - 000000000 ____D C:\ProgramData\MicroWorld
2017-12-23 21:43 - 2017-12-23 21:43 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-12-23 21:43 - 2017-12-23 21:43 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-12-23 21:43 - 2017-12-23 21:43 - 000000000 ____D C:\Users\User\AppData\Local\Zemana
2017-12-23 21:15 - 2017-12-23 21:15 - 000000000 ____D C:\Users\User\Desktop\Původní data aplikace Firefox
2017-12-23 20:41 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-23 20:41 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-23 20:41 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-23 20:41 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-23 20:41 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-23 20:41 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-23 20:41 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-23 20:41 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-23 20:41 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-23 20:41 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-23 20:41 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-23 20:41 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-23 20:41 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-23 20:41 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-23 20:41 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-23 20:41 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-23 20:41 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-23 20:41 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-23 20:41 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-23 20:41 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-23 20:41 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-23 20:41 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-23 20:41 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-23 20:41 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-23 20:41 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-23 20:41 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-23 20:41 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-23 20:41 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-23 20:41 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-23 20:41 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-23 20:41 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-23 20:41 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-23 20:41 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-23 20:41 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-23 20:41 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-23 20:41 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-23 20:41 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-23 20:41 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-23 20:41 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-23 20:41 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-23 20:41 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-23 20:41 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-23 20:41 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-23 20:41 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-23 20:41 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-23 20:41 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-23 20:41 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-23 20:41 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-23 20:41 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-23 20:41 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-23 20:41 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-23 20:41 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-23 20:41 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-23 20:41 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-23 20:41 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-23 20:41 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-23 20:41 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-23 20:41 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-23 20:41 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-23 20:41 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-23 20:41 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-23 20:41 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-23 20:41 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-23 20:41 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-23 20:41 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-23 20:41 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-23 20:41 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-23 20:41 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-23 20:41 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-23 20:41 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-23 20:41 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-23 20:41 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-23 20:41 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-23 20:41 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-23 20:41 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-23 20:41 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-23 20:41 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-23 20:41 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-23 20:41 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-23 20:41 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-23 20:41 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-23 20:41 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-23 20:41 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-23 20:41 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-23 20:41 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-23 20:41 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-23 20:35 - 2017-12-23 20:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-23 17:28 - 2017-12-23 17:37 - 000000000 ____D C:\Users\User\AppData\Local\Google
2017-12-23 17:28 - 2017-12-23 17:30 - 000000000 ____D C:\Program Files (x86)\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 14:31 - 2009-07-14 05:45 - 000022752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-26 14:31 - 2009-07-14 05:45 - 000022752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-26 13:55 - 2017-11-13 16:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-12-26 12:48 - 2011-04-12 09:34 - 000669580 _____ C:\Windows\system32\perfh005.dat
2017-12-26 12:48 - 2011-04-12 09:34 - 000141738 _____ C:\Windows\system32\perfc005.dat
2017-12-26 12:48 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-26 12:48 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-26 12:41 - 2017-11-13 13:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-26 12:41 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-24 20:28 - 2017-11-18 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-24 17:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-12-23 23:04 - 2017-11-18 17:25 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-23 22:28 - 2009-07-14 03:34 - 000000873 _____ C:\Windows\win.ini
2017-12-23 22:00 - 2009-07-14 05:45 - 000267368 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-23 21:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-23 21:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-23 21:49 - 2017-11-13 14:58 - 000000000 ____D C:\Windows\system32\MRT
2017-12-23 21:48 - 2017-11-13 14:58 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-23 21:48 - 2017-11-13 14:58 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-23 21:27 - 2017-11-13 16:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-23 21:27 - 2017-11-13 16:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-23 21:19 - 2017-11-18 18:43 - 000000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-12-23 20:37 - 2017-11-18 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2017-12-23 20:34 - 2017-11-18 17:27 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151405775039704
2017-12-23 20:33 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2017-12-23 20:32 - 2017-11-19 19:19 - 000000000 ____D C:\torent2
2017-12-23 20:32 - 2017-11-18 18:43 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-12-23 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\servicing
2017-12-23 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-12-23 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-23 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat
2017-12-23 20:32 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-12-21 11:19 - 2017-11-18 16:37 - 000000000 ____D C:\xtorent

Some files in TEMP:
====================
2017-12-23 22:10 - 2015-10-08 11:54 - 000058088 _____ (BitDefender) C:\Users\User\AppData\Local\Temp\avxdisk.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 000193936 _____ (BitDefender) C:\Users\User\AppData\Local\Temp\bdc.exe
2017-12-23 22:10 - 2016-07-20 12:44 - 000126624 _____ (Bitdefender) C:\Users\User\AppData\Local\Temp\bdcore.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 000243624 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\bdfltlib2k.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 000094192 _____ (BitDefender) C:\Users\User\AppData\Local\Temp\bdnimbus32.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 000100968 _____ (BitDefender) C:\Users\User\AppData\Local\Temp\bdnimbus64.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 000017760 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\bdupdateservice.dll
2017-12-23 22:10 - 2017-02-06 20:30 - 001365984 _____ (Bitdefender) C:\Users\User\AppData\Local\Temp\BDUpdateServiceCom.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000064744 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\DEVCON.EXE
2017-12-23 22:10 - 2017-12-23 22:10 - 000156392 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\eEmpty.exe
2017-12-23 22:10 - 2017-02-06 20:30 - 000626608 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\encdec.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000766320 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\esupdate.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 000054224 _____ (Kaspersky Lab) C:\Users\User\AppData\Local\Temp\FSSync.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000133136 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\Getvlist.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 000081544 _____ () C:\Users\User\AppData\Local\Temp\ikave.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000052512 _____ (Kaspersky Lab.) C:\Users\User\AppData\Local\Temp\ipc.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000297656 _____ (Kaspersky Lab.) C:\Users\User\AppData\Local\Temp\kave.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000119032 _____ () C:\Users\User\AppData\Local\Temp\kavvlg.dll
2016-11-23 12:47 - 2016-11-23 12:47 - 000367368 ____R () C:\Users\User\AppData\Local\Temp\LiveSetupLdr.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 000262992 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\msvclnt.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000554240 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\msvcp80.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000572928 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\msvcp90.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000632064 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\msvcr80.dll
2017-12-23 22:10 - 2017-12-23 22:10 - 000655872 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\msvcr90.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 005855944 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\msvl64.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000254616 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\msvlclnt.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 001191824 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\mwavdwnl.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 000617728 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\MWAVL.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 001180960 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\mwavscan.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 001510872 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\mwunzip.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000202064 _____ (Kaspersky Lab) C:\Users\User\AppData\Local\Temp\prLoader.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000023592 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\red32.dll
2017-12-23 22:10 - 2017-02-06 20:31 - 000435944 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\Reload.exe
2017-12-23 22:10 - 2017-02-06 20:31 - 000518672 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\scan.dll
2017-12-23 22:10 - 2017-02-06 20:32 - 000156352 _____ (Kaspersky Lab.) C:\Users\User\AppData\Local\Temp\ScanningProcess.exe
2017-12-23 22:10 - 2017-02-06 20:32 - 000093048 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\setpriv.exe
2017-12-23 22:10 - 2017-02-06 20:32 - 000867144 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\test2.exe
2017-12-23 22:10 - 2017-12-23 22:28 - 000479832 _____ (BitDefender S.R.L.) C:\Users\User\AppData\Local\Temp\trufos.dll
2017-12-23 22:10 - 2017-02-06 20:32 - 000116448 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\unregx.exe
2017-12-23 22:23 - 2017-06-28 22:54 - 001484976 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\UPDLL10.DLL
2017-12-23 22:10 - 2017-02-06 20:32 - 000593872 _____ (MicroWorld Technologies Inc.) C:\Users\User\AppData\Local\Temp\viewtcp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-21 15:44

==================== End of FRST.txt ============================

hijack
Visitor
Posts: 15
Joined: 23 Dec 2017 23:18

Re: Problem with Firefox

#13 Post by hijack »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by User (26-12-2017 14:37:48)
Running from C:\Users\User\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-11-13 10:42:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4080920950-73230-1665257507-500 - Administrator - Disabled)
Guest (S-1-5-21-4080920950-73230-1665257507-501 - Limited - Disabled)
User (S-1-5-21-4080920950-73230-1665257507-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.90.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.90.0000 - GIGABYTE Technology Co.,Ltd.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Network Connections 21.1.29.0 (HKLM\...\PROSetDX) (Version: 21.1.29.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.5.0.1051 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.2 (x64 cs)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Ovládací panel NVIDIA 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.81 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-08-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {B9583C25-52AD-4912-9699-59A8AD78EA0B} - System32\Tasks\Opera scheduled Autoupdate 1511019287 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
Task: {D69184F4-C4DC-4C72-98D8-9BDF5D43CDF0} - System32\Tasks\OC GURU II Auto Run => C:\Program [Argument = Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-13 13:07 - 2015-08-18 01:07 - 000115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-24 20:36 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4080920950-73230-1665257507-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4080920950-73230-1665257507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DFBC9766-793E-49A0-A18A-15AC494D373E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{977242FD-9A40-47E1-A670-C2740EDCE150}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3A593868-9A1B-47A9-9D47-B59870A4FA5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{961AF6D5-0CD1-4B42-8098-249B4AEF4084}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{10526D1E-E45E-475F-9AD9-11EE85B6E9DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E480861F-E3B0-4CEE-9011-67FD659973F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{297CD536-46A1-459C-B0D6-CF31A1EBBB99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4BD65957-4D5E-4BD3-9177-39E10E72167A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09EA400D-3053-40A6-893A-6DCBBF65D827}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{695EDB8D-F996-42D1-B56D-F7EA69262C52}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD0B095-021D-44A9-8734-4ED64091B26D}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe
FirewallRules: [{C165E635-0C3C-4A32-A785-1FEB1F8DA6AD}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\49.0.2725.39\opera.exe

==================== Restore Points =========================

02-12-2017 08:42:53 Naplánovaný kontrolní bod
07-12-2017 22:40:13 Windows Update
16-12-2017 08:44:21 Windows Update
16-12-2017 08:45:33 Naplánovaný kontrolní bod
16-12-2017 08:47:41 Instalační služba modulů systému Windows
23-12-2017 10:54:07 Naplánovaný kontrolní bod
23-12-2017 20:29:32 Operace obnovení
23-12-2017 21:48:22 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2017 12:43:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2017 08:59:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/25/2017 06:55:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/25/2017 06:53:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (12/25/2017 06:53:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (12/25/2017 06:53:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (12/25/2017 08:08:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/24/2017 08:30:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/24/2017 08:35:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/23/2017 11:06:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/26/2017 12:40:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (12/26/2017 12:40:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) PROSet Monitoring Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA GeForce Experience Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/26/2017 12:39:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 8156.74 MB
Available physical RAM: 5903.84 MB
Total Virtual: 16311.66 MB
Available Virtual: 13817.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:862.38 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:601.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8774C437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8774C44F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

hijack
Visitor
Posts: 15
Joined: 23 Dec 2017 23:18

Re: Problem with Firefox

#14 Post by hijack »

The Additional scan file was created even though it was run only from FRST.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with Firefox

#15 Post by Márty84 »

:arrow: Uninstall MBAM


:arrow: Tell me the size of the desktop folder (C:\Users\User\Plocha)



:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4080920950-73230-1665257507-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-23] <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click "Soubor" (File).
Click "Ulozit jako..." (Save as...).
Type the red name fixlist correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Locked
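The fixlist in post #15 removes a pref file under defaults\pref together with the .cfg file it points to. The Python sketch below is an added example (not part of the thread and not FRST's own logic) that finds such a pair in a Firefox installation directory, assuming the pair uses Firefox's AutoConfig mechanism (the general.config.filename preference); the file contents in demo() are constructed, since the thread never shows them.

```python
import re
import tempfile
from pathlib import Path

# Matches pref("name", value); and the lockPref/defaultPref/user_pref variants.
PREF_CALL = re.compile(
    r'\b(pref|lockPref|defaultPref|user_pref)\s*\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;'
)


def parse_pref_calls(text):
    """Return (function, pref name, raw value) per pref call, skipping // comment lines."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("//"):
            continue
        for m in PREF_CALL.finditer(line):
            calls.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return calls


def find_autoconfig(install_dir):
    """List each defaults/pref/*.js that names an AutoConfig .cfg, and what that .cfg sets."""
    install_dir = Path(install_dir)
    pref_dir = install_dir / "defaults" / "pref"
    findings = []
    if not pref_dir.is_dir():
        return findings
    for js in sorted(pref_dir.glob("*.js")):
        calls = parse_pref_calls(js.read_text(encoding="utf-8", errors="replace"))
        settings = {name: value for _, name, value in calls}
        cfg_name = settings.get("general.config.filename")
        if cfg_name is None:
            continue  # ordinary pref file (for example channel-prefs.js)
        # AutoConfig loads the named .cfg from the top of the install directory.
        cfg_path = install_dir / Path(cfg_name).name
        finding = {
            "pref_file": js.name,
            "cfg_file": cfg_path.name,
            "cfg_exists": cfg_path.is_file(),
            "obscure_value": settings.get("general.config.obscure_value"),
            "cfg_prefs": [],
        }
        # Mozilla's AutoConfig documentation sets obscure_value to 0 so that the
        # .cfg is read as plain text; only in that case is it parsed here.
        if finding["cfg_exists"] and finding["obscure_value"] == "0":
            body = cfg_path.read_text(encoding="utf-8", errors="replace")
            # Firefox ignores the first line of the .cfg, so it is skipped too.
            finding["cfg_prefs"] = parse_pref_calls("\n".join(body.splitlines()[1:]))
        findings.append(finding)
    return findings


def demo():
    """Build a constructed install tree using the file names from the FRST log and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pref_dir = root / "defaults" / "pref"
        pref_dir.mkdir(parents=True)
        # Constructed content: a normal pref file that must not be reported.
        (pref_dir / "channel-prefs.js").write_text(
            'pref("app.update.channel", "release");\n', encoding="utf-8")
        # Constructed content: a pref file that points to a .cfg.
        (pref_dir / "dsengine.js").write_text(
            '// constructed sample\n'
            'pref("general.config.filename", "dsengine.cfg");\n'
            'pref("general.config.obscure_value", 0);\n', encoding="utf-8")
        # Constructed content: the .cfg, with placeholder preference values.
        (root / "dsengine.cfg").write_text(
            '// first line is ignored by Firefox\n'
            'lockPref("browser.startup.homepage", "https://example.invalid/");\n'
            'defaultPref("browser.newtabpage.enabled", false);\n', encoding="utf-8")
        return find_autoconfig(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real system, pass the Firefox installation directory to find_autoconfig. A hit is not malicious in itself, because managed deployments use the same mechanism, so what matters is which preferences the .cfg locks.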