Prosim o preventivku

Zpráva

Noone · #1 Příspěvek od **Noone** » 10 bře 2018 22:33

Dobry den, poprosil by som o preventivnu kontrolu po mensom upratovani v notebooku

Logfile of random's system information tool 1.16 (written by random/random)
Run by naylc at 2018-03-10 22:26:52
Microsoft Windows 8.1
System drive C: has 346 GB (75%) free of 459 GB
Total RAM: 3978 MB (51% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:05, on 10.3.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Program Files\trend micro\naylc_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7382 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 553820803088
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe"
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
C:\Windows\SysWOW64\UMonit64.exe
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000714
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe"
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
"C:\Program Files\WinZip\FAH\FAHWindow64.exe" register
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a ... hes/upload --application-name=skype-preview "--crashes-directory=C:\Users\naylc\AppData\Local\Temp\skype-preview Crashes" --v=1
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --no-sandbox --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,11,19,20,21,24,26,43,63,76 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3621 --gpu-driver-date=5-17-2014 --service-request-channel-token=DBB2AB951D46B3BD419A975251133BE1 --mojo-platform-channel-handle=1532 /prefetch:2
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --primordial-pipe-token=8FBF14EAA7AC450829EF05C379A8C9AC --lang=sk --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=8FBF14EAA7AC450829EF05C379A8C9AC --renderer-client-id=4 --mojo-platform-channel-handle=1976 /prefetch:1
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\naylc\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\naylc\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\naylc\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.146 --initial-client-data=0x10c,0x110,0x114,0x108,0x118,0x7ff99398f1e8,0x7ff99398f1f8,0x7ff99398f208
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1860 --on-initialized-event-handle=440 --parent-handle=444 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3621 --gpu-driver-date=5-17-2014 --service-request-channel-token=908972A00FC243DAD542946E5B22A63E --mojo-platform-channel-handle=1252 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --service-pipe-token=DE4F6530877269CDFAFD96B3FC8F9A98 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=DE4F6530877269CDFAFD96B3FC8F9A98 --renderer-client-id=3 --mojo-platform-channel-handle=2524 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --service-pipe-token=B859E3D6B24EFF9AA6C724E98AF93BC1 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=B859E3D6B24EFF9AA6C724E98AF93BC1 --renderer-client-id=4 --mojo-platform-channel-handle=2816 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --service-pipe-token=4DAFC2470649640A9FA6750DDBF41CB3 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=4DAFC2470649640A9FA6750DDBF41CB3 --renderer-client-id=5 --mojo-platform-channel-handle=2864 /prefetch:1
"C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" /LOGON
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --service-pipe-token=4B3C4AC369940710A6DAA72092F24EBE --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=4B3C4AC369940710A6DAA72092F24EBE --renderer-client-id=10 --mojo-platform-channel-handle=5560 /prefetch:1
"C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe"
"C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/0/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="3864.1.654822699\350208088" /prefetch:3
"C:\Users\naylc\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1236,8398694439472335036,17565526942863355963,131072 --service-pipe-token=45FD165258317981BCCEEE5D1C2111F7 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=45FD165258317981BCCEEE5D1C2111F7 --renderer-client-id=13 --mojo-platform-channel-handle=3108 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
"C:\Users\naylc\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Avira_Antivirus_Systray - "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
C:\WINDOWS\system32\tasks\BacKGroundAgent - C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
C:\WINDOWS\system32\tasks\SweetLabs App Platform - %LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe /LOGON
C:\WINDOWS\system32\tasks\UMonitor Task - C:\Windows\SysWOW64\UMonit64.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\WINDOWS\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\naylc\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentácie 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky 1.2
Extension fheoggkfdfchfphceeifdbepaooicaho 2 McAfee® WebAdvisor 5.1.0.636
Extension flliilndjeohchalpbbcdekjklbdgfkk 1 Avira Browser Safety 2.5.8.1961
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.27.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.73
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.7
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6518.129.0.1
Homepage:
default_search_provider.search_url:
C:\Users\naylc\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=

======Registry dump ======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={70E73A98-E34D-4930-AE34-B51921C28C26}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70E73A98-E34D-4930-AE34-B51921C28C26}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ACJB

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={70E73A98-E34D-4930-AE34-B51921C28C26}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{70E73A98-E34D-4930-AE34-B51921C28C26}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ACJB

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-26 13672152]
"BtServer"=C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [2014-06-06 217088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2018-03-02 50100160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2018-02-05 98024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
WinZip Preloader.lnk - C:\Program Files\WinZip\WzPreloader.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-03-10 22:26:53 ----D---- C:\Program Files\trend micro
2018-03-10 22:26:52 ----D---- C:\rsit
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avusbflt.sys
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avnetflt.sys
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2018-03-10 22:13:06 ----A---- C:\WINDOWS\system32\drivers\avdevprot.sys
2018-03-10 21:59:33 ----D---- C:\Users\naylc\AppData\Roaming\Mozilla
2018-03-10 21:58:23 ----D---- C:\Program Files (x86)\Avira
2018-03-10 21:58:20 ----D---- C:\ProgramData\Avira
2018-03-10 21:53:52 ----D---- C:\ProgramData\WinZip
2018-03-10 21:53:34 ----D---- C:\Program Files\WinZip
2018-03-10 21:51:04 ----D---- C:\ProgramData\UniqueId
2018-03-10 21:49:48 ----D---- C:\Program Files (x86)\WinRAR
2018-03-10 21:45:26 ----D---- C:\Users\naylc\AppData\Roaming\WildTangent
2018-03-10 20:26:40 ----D---- C:\Program Files (x86)\Adobe
2018-03-10 20:21:00 ----D---- C:\Program Files\VS Revo Group
2018-03-10 20:19:33 ----D---- C:\Users\naylc\AppData\Roaming\Skype
2018-03-10 20:19:08 ----D---- C:\Program Files (x86)\Microsoft
2018-03-10 20:13:24 ----D---- C:\Program Files (x86)\Kros
2018-03-10 20:08:16 ----D---- C:\Program Files (x86)\Google
2018-03-10 07:46:51 ----D---- C:\Windows.old
2018-03-10 07:21:46 ----D---- C:\$WINDOWS.~BT
2018-03-10 07:20:30 ----HD---- C:\$SysReset
2018-03-09 23:45:50 ----D---- C:\Program Files\Common Files\AV
2018-03-09 23:21:20 ----D---- C:\ProgramData\Apple
2018-03-09 23:12:11 ----D---- C:\Users\naylc\AppData\Roaming\Macromedia
2018-03-09 23:07:11 ----D---- C:\Users\naylc\AppData\Roaming\Adobe
2018-03-09 23:06:39 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-09 22:54:29 ----SD---- C:\Users\naylc\AppData\Roaming\Microsoft
2018-03-04 15:24:47 ----D---- C:\OSTotoFolder
2018-03-04 14:50:44 ----SHD---- C:\Config.Msi
2018-03-04 09:31:14 ----A---- C:\Recovery.txt
2018-02-13 07:42:21 ----D---- C:\TAXA

====== List of files/folders modified in the last 1 month ======

2018-03-10 22:26:59 ----D---- C:\WINDOWS\Prefetch
2018-03-10 22:26:53 ----RD---- C:\Program Files
2018-03-10 22:26:43 ----D---- C:\WINDOWS\Temp
2018-03-10 22:24:03 ----RD---- C:\WINDOWS\System32
2018-03-10 22:24:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-10 22:24:02 ----D---- C:\WINDOWS\Inf
2018-03-10 22:23:30 ----D---- C:\WINDOWS\system32\Tasks
2018-03-10 22:20:52 ----D---- C:\WINDOWS\AppReadiness
2018-03-10 22:20:11 ----D---- C:\Program Files\Common Files\mcafee
2018-03-10 22:20:11 ----D---- C:\Program Files (x86)\McAfee
2018-03-10 22:20:05 ----HD---- C:\ProgramData
2018-03-10 22:18:47 ----D---- C:\Program Files (x86)
2018-03-10 22:16:28 ----D---- C:\WINDOWS\system32\wdi
2018-03-10 22:13:21 ----D---- C:\WINDOWS\system32\drivers
2018-03-10 22:00:00 ----D---- C:\WINDOWS\system32\sru
2018-03-10 21:59:24 ----SHD---- C:\WINDOWS\Installer
2018-03-10 21:58:10 ----D---- C:\ProgramData\Package Cache
2018-03-10 21:54:11 ----D---- C:\Windows
2018-03-10 21:45:57 ----D---- C:\Program Files (x86)\WildTangent Games
2018-03-10 21:45:26 ----D---- C:\ProgramData\WildTangent
2018-03-10 21:41:50 ----SHD---- C:\System Volume Information
2018-03-10 21:38:09 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-03-10 21:38:05 ----SD---- C:\ProgramData\Microsoft
2018-03-10 21:34:23 ----D---- C:\Program Files\mcafee.com
2018-03-10 21:32:32 ----HD---- C:\WINDOWS\ELAMBKUP
2018-03-10 21:23:58 ----D---- C:\Program Files (x86)\Acer
2018-03-10 21:23:57 ----D---- C:\ProgramData\Acer
2018-03-10 21:21:18 ----D---- C:\WINDOWS\oem
2018-03-10 21:17:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-03-10 21:17:12 ----D---- C:\Program Files (x86)\CyberLink
2018-03-10 21:10:37 ----D---- C:\WINDOWS\SysWOW64
2018-03-10 21:01:52 ----D---- C:\ProgramData\OEM
2018-03-10 20:45:51 ----D---- C:\WINDOWS\system32\config
2018-03-10 20:43:44 ----D---- C:\WINDOWS\CbsTemp
2018-03-10 20:43:16 ----D---- C:\WINDOWS\WinSxS
2018-03-10 20:39:34 ----D---- C:\WINDOWS\system32\catroot2
2018-03-10 20:30:59 ----D---- C:\ProgramData\Adobe
2018-03-10 20:26:40 ----D---- C:\Program Files (x86)\Common Files
2018-03-10 20:21:47 ----D---- C:\WINDOWS\system32\restore
2018-03-10 20:09:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-03-10 20:07:24 ----HD---- C:\Program Files\WindowsApps
2018-03-10 07:47:05 ----D---- C:\WINDOWS\Logs
2018-03-10 07:46:33 ----SD---- C:\WINDOWS\system32\Microsoft
2018-03-09 23:45:50 ----D---- C:\Program Files\Common Files
2018-03-09 23:32:14 ----D---- C:\WINDOWS\Microsoft.NET
2018-03-09 23:25:08 ----D---- C:\WINDOWS\SoftwareDistribution
2018-03-09 23:16:13 ----RD---- C:\WINDOWS\assembly
2018-03-09 23:15:59 ----HD---- C:\OEM
2018-03-09 23:13:06 ----D---- C:\WINDOWS\rescache
2018-03-09 23:09:43 ----SHD---- C:\$Recycle.Bin
2018-03-09 23:07:49 ----DC---- C:\WINDOWS\Panther
2018-03-09 23:04:39 ----D---- C:\WINDOWS\debug
2018-03-09 23:03:50 ----D---- C:\WINDOWS\system32\Recovery
2018-03-09 22:50:28 ----RD---- C:\Users

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 avdevprot;avdevprot; C:\WINDOWS\system32\DRIVERS\avdevprot.sys [2018-02-22 60920]
R0 avusbflt;avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [2018-02-22 38048]
R0 MBI;@oem10.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-12-10 29464]
R0 Wof;Windows Overlay File System Filter Driver; C:\WINDOWS\system32\drivers\Wof.sys [2014-03-13 157016]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2018-02-22 169864]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2018-02-22 44488]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2018-02-22 178840]
R2 avnetflt;avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [2018-02-22 88488]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 ETDI2C;@oem15.inf,%ELANI2CDeviceDesc%;ELAN I2C Filter Driver; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [2014-04-08 173384]
R3 iaioi2c;@oem2.inf,%Driver_Service.Desc%;I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2ce.sys [2013-11-11 67584]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-05-30 3791872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-06-10 3996888]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2014-05-30 450520]
R3 iwdbus;@oem9.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-05-06 27032]
R3 RtkBtFilter;@oem16.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [2014-04-18 573144]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2014-05-08 871640]
R3 RTWlanE;@oem20.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2014-05-22 3468504]
R3 TXEIx64;@oem13.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\WINDOWS\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-03-18 1200640]
S3 GPIO;@oem1.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpioe.sys [2013-11-11 31232]
S3 intaud_WaveExtensible;@oem8.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-05-06 38296]
S3 LMDriver;@oem21.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2013-07-17 21360]
S3 RadioShim;@oem21.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2013-07-17 14680]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2018-02-22 492560]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2018-02-22 492560]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-02-05 449240]
R2 BTDevManager;BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [2014-05-06 94208]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-05-30 315352]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2018-02-22 1136744]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2018-02-22 1533608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10 153168]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe []
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-05-30 279000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10 153168]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]

-----------------EOF-----------------

#2 Příspěvek od **Conder** » 10 bře 2018 22:40

Ahoj

Odinstaluj vsetko od McAfee - zbytocnost, kedze tam uz mas nainstalovanu Aviru.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Scan (Skenovanie) a pockaj na dokoncenie
Klikni na Clean (Cistenie) a potvrd kliknutim na OK
AdwCleaner si vyziada restart PC, potvrd kliknutim na Restart Now (Restartovat teraz)
Po dokonceni a restartovani PC vyskoci log, jeho obsah sem skopiruj

Noone · #3 Příspěvek od **Noone** » 11 bře 2018 04:34

MacAffeho som odinstaloval hned ako som ho videl ale este po nom asi nieco zostalo :/

prikladam log z ADW:

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 11 03:26:43 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\naylc\AppData\Local\SweetLabs App Platform
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki
Deleted: C:\Program Files\Booking.com

***** [ Files ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted: C:\Users\naylc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Deleted: C:\Users\naylc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted: C:\Users\Public\Desktop\Booking.com.lnk
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted: C:\Users\naylc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: SweetLabs App Platform

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted: [Key] - HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted: [Key] - HKU\PowerDVD_HIVE\Software\Pokki
Deleted: [Key] - HKU\PowerDVD_HIVE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Deleted: [Value] - HKU\PowerDVD_HIVE\Software\Microsoft\Windows\CurrentVersion\Run|Pokki
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
Deleted: [Key] - HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\SweetLabs App Platform
Deleted: [Key] - HKCU\Software\SweetLabs App Platform

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2964 B] - [2018/3/11 3:23:6]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

#4 Příspěvek od **Conder** » 11 bře 2018 04:48

OK, co ostalo docistime rucne.

Poprosim o obidva logy z FRST podla tohto navodu (FRST.txt a Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

V pripade, ze sa FRSTLauncher nebude dat stiahnut alebo spustit, pouzi iba samotny FRST.

Ak sa logy nezmestia do jedneho prispevku, zabal ich do archivu RAR alebo ZIP a posli ako prilohu.

Noone · #5 Příspěvek od **Noone** » 11 bře 2018 15:36

uff spusit frst je fuska s avirou ale podarilo sa a v prilohe priladam logy

#6 Příspěvek od **Conder** » 11 bře 2018 16:55

Log Addition.txt nie je cely. Spusti este raz FRST (bez FRSTLauncheru), klikni na Scan a posli log Addition.txt

Inak odporucam nepouzivat ziadne IObit programy (Driver Booster, Advanced SystemCare...) - su to cinske smejdy, ktore mozu poskodit system.

"Velikost slozky "C:\Users\naylc\Desktop" je 1738 MB."

Presun vsetky subory a zlozky z plochy do dokumentov a na ploche nechaj iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.

Noone · #7 Příspěvek od **Noone** » 11 bře 2018 20:05

plocha vycistena, driver booster som pouzil iba jednorazovo koli nainstalovaniu drivrov na neidentifikovatelny HW

prikladam log addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by naylc (11-03-2018 20:02:09)
Running from C:\Users\naylc\Desktop
Windows 8.1 (Update) (X64) (2018-03-09 22:05:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3409495467-2586683993-4265649639-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3409495467-2586683993-4265649639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3409495467-2586683993-4265649639-1003 - Limited - Enabled)
naylc (S-1-5-21-3409495467-2586683993-4265649639-1001 - Administrator - Enabled) => C:\Users\naylc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{59d593c9-028b-4f00-a84d-7a71f5a28ad7}) (Version: 1.2.106.18629 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{64874AE0-1F9C-426A-96FC-C53A57C97ADE}) (Version: 1.2.106.18629 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1.1002 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.816.818.061114 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Skype verzia 8.17 (HKLM-x32\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
TAXA - daňové priznania (HKLM-x32\...\{08B9184D-CB5E-4B2C-9B60-BF210BD6C62B}_is1) (Version: 17.0 - KROS, a.s.)
WinRAR 5.40 (32-bitová verzia) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-01-06] (Realtek Semiconductor Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-02-22] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-30] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-30] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-02-22] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {49984B5D-7E24-440E-B071-9721E76040DF} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {554D78DE-EB3C-4161-BB04-042C015CCC7E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {9A57BD67-959B-4BAE-8688-D2B4955F51A0} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-03-05] ()
Task: {A31852BF-9EBB-41A1-B3DD-E401C305DFEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10] (Google Inc.)
Task: {E5E6F52E-B6BB-4D9F-9B9B-FC41E6943976} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {EABA2FE8-2975-4DE0-8319-99F7603F92DF} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-02-22] (Avira Operations GmbH & Co. KG)
Task: {F3B37B69-7922-4F2A-B3C5-A5D554C982B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-21 03:03 - 2014-05-06 22:41 - 000094208 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-08-21 03:01 - 2014-03-05 09:49 - 000053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2018-03-10 20:09 - 2018-03-06 09:12 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\libglesv2.dll
2018-03-10 20:09 - 2018-03-06 09:12 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\libegl.dll
2018-03-10 20:19 - 2018-03-02 21:44 - 001782904 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-03-10 20:19 - 2018-03-02 21:44 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-03-10 20:19 - 2018-03-02 21:44 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-03-10 20:19 - 2018-03-02 21:44 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-03-10 20:19 - 2018-03-02 21:44 - 000216520 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-03-10 20:19 - 2018-03-02 21:44 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-03-10 20:19 - 2018-03-02 21:44 - 000138688 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-03-10 20:19 - 2018-03-02 21:44 - 002188800 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-03-10 20:20 - 000002820 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\naylc\Downloads\11215867_10200674804388265_1233217095866229053_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F7DCE483-2A2C-41C5-974A-6C0DB1EB3227}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{105E467B-8A1F-47B8-960D-95F2E01026A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE3D2EF0-02D3-4E37-97FF-D1D1922FD0F2}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{0228450E-8600-4CF8-93EC-9E6528B6A187}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{CD577782-3C27-481E-A792-545C75F788C5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{6505D5CC-EFCE-4CDA-B6B0-0FFAA6E3694E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4518A558-C990-4E9B-BF53-69BBB34489CB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{37247946-3448-4C77-8B96-2D0C61F4AC6D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{55711561-9BBB-42E2-B0F4-188BD33B81F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{22D933BF-B778-44AF-ADBE-276358E35DDB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{EEE39BB9-1638-41F6-8BB3-306D1C095002}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D765CC88-08AE-47E1-9B5B-12F7223855A9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2CCD3F04-6538-44DF-923E-E82B6FA78D1F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{00E004F2-EC05-407F-B375-712F77EAD2CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{8522637C-182F-4524-8DF2-20D83A32E1C5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{11270C5B-624E-4C70-96E7-3347307592FC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{00F49C1E-04E8-43DB-9C93-EAB2A4916482}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B771A4B9-6C83-44BB-9AD9-BD3FF5B0B0D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B3B4721B-5AE4-456D-B9F9-D9ACDF60B359}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{60DF3C4D-A8F3-48FC-8DCF-6833D58153E0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C4AE507D-588D-4B0D-B785-436F5408B3BE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

10-03-2018 20:21:48 Revo Uninstaller's restore point - abDocs
10-03-2018 20:32:04 Revo Uninstaller's restore point - abDocs
10-03-2018 20:39:31 Revo Uninstaller's restore point - abMusic
10-03-2018 20:42:36 Revo Uninstaller's restore point - abPhoto
10-03-2018 20:45:33 Revo Uninstaller's restore point - Acer Explorer Agent
10-03-2018 20:46:50 Revo Uninstaller's restore point - Acer Launch Manager
10-03-2018 20:48:30 Revo Uninstaller's restore point - Acer Portal
10-03-2018 20:51:44 Revo Uninstaller's restore point - Acer Power Management
10-03-2018 20:52:57 Revo Uninstaller's restore point - Acer Quick Access
10-03-2018 20:55:04 Revo Uninstaller's restore point - Acer Recovery Management
10-03-2018 20:57:05 Revo Uninstaller's restore point - Acer Remote Files
10-03-2018 20:59:33 Revo Uninstaller's restore point - Acer User Experience Improvement Program App Monitor Plugin
10-03-2018 21:01:00 Revo Uninstaller's restore point - Acer User Experience Improvement Program Framework
10-03-2018 21:02:28 Revo Uninstaller's restore point - Acer Video Player
10-03-2018 21:04:51 Revo Uninstaller's restore point - AOP Framework
10-03-2018 21:06:56 Revo Uninstaller's restore point - Bonjour
10-03-2018 21:07:27 Removed Bonjour
10-03-2018 21:11:06 Revo Uninstaller's restore point - CyberLink PhotoDirector 3
10-03-2018 21:13:17 Revo Uninstaller's restore point - CyberLink PowerDirector 10
10-03-2018 21:17:48 Revo Uninstaller's restore point - Identity Card
10-03-2018 21:18:30 Removed Identity Card
10-03-2018 21:21:55 Revo Uninstaller's restore point - Live Updater
10-03-2018 21:22:29 Removed Live Updater
10-03-2018 21:24:27 Revo Uninstaller's restore point - McAfee LiveSafe – Internet Security
10-03-2018 21:34:30 Revo Uninstaller's restore point - Microsoft Office
10-03-2018 21:35:06 Removed Microsoft Office
10-03-2018 21:39:50 Revo Uninstaller's restore point - Spotify
10-03-2018 21:41:31 Revo Uninstaller's restore point - WildTangent Games

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2018 04:16:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/11/2018 04:16:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/11/2018 04:06:48 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
Operácia sa vrátila, pretože uplynul časový limit. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/11/2018 04:32:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/11/2018 04:32:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/10/2018 10:24:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/10/2018 10:24:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/10/2018 09:41:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed

System Error:
Systém nemôže nájsť zadaný súbor.
.

System errors:
=============
Error: (03/11/2018 04:31:00 PM) (Source: DCOM) (EventID: 10010) (User: AJKA)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/11/2018 04:30:30 PM) (Source: DCOM) (EventID: 10010) (User: AJKA)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/11/2018 04:14:43 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/11/2018 04:14:30 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/11/2018 04:12:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby McAfee SiteAdvisor Service zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (03/11/2018 04:27:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby McAfee SiteAdvisor Service zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (03/11/2018 04:26:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa neočakávane zastavil.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (03/11/2018 04:26:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa neočakávane zastavil.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3977.7 MB
Available physical RAM: 1485.71 MB
Total Virtual: 5385.7 MB
Available Virtual: 2417.72 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.46 GB) (Free:339.7 GB) NTFS

\\?\Volume{21a2079f-a567-44dd-b204-a2f82e54c2eb}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.29 GB) NTFS
\\?\Volume{cb1ea696-d223-4d2d-bdf9-89fc235c3922}\ (Push Button Reset) (Fixed) (Total:16.3 GB) (Free:2.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1ADD7718)

Partition: GPT.

==================== End of Addition.txt ============================

#8 Příspěvek od **Conder** » 11 bře 2018 23:24

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3409495467-2586683993-4265649639-1001 -> DefaultScope {70E73A98-E34D-4930-AE34-B51921C28C26} URL = 
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
2018-03-11 15:20 - 2018-03-11 15:20 - 000112640 _____ (forum.viry.cz) C:\Users\naylc\Downloads\Nepotvrdené 212993.crdownload
2018-03-11 15:17 - 2018-03-11 15:17 - 000112640 _____ (forum.viry.cz) C:\Users\naylc\Downloads\Nepotvrdené 729002.crdownload
2018-03-09 23:45 - 2018-03-10 20:44 - 000003312 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-03-04 15:14 - 2018-03-04 15:22 - 012175000 _____ (OSToto Co., Ltd.) C:\Users\naylc\Downloads\DriverTalent_setup.exe
2018-03-03 22:35 - 2018-03-03 22:37 - 000000000 ____D C:\Users\naylc\AppData\LocalLow\IObit
2018-03-03 22:22 - 2018-03-03 22:24 - 013095264 _____ (IObit ) C:\Users\naylc\Downloads\sd5_setup.exe
2018-03-03 22:17 - 2018-03-03 22:18 - 019912008 _____ (IObit ) C:\Users\naylc\Downloads\driver_booster_setup.exe
2018-03-11 04:27 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-10 22:20 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-03-10 21:34 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files\mcafee.com

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {E5E6F52E-B6BB-4D9F-9B9B-FC41E6943976} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{F7DCE483-2A2C-41C5-974A-6C0DB1EB3227}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{105E467B-8A1F-47B8-960D-95F2E01026A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\AV\McAfee VirusScan

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Noone · #9 Příspěvek od **Noone** » 11 bře 2018 23:49

prikladam fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by naylc (11-03-2018 23:31:00) Run:1
Running from C:\Users\naylc\Desktop
Loaded Profiles: naylc (Available Profiles: naylc & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3409495467-2586683993-4265649639-1001 -> DefaultScope {70E73A98-E34D-4930-AE34-B51921C28C26} URL =
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
2018-03-11 15:20 - 2018-03-11 15:20 - 000112640 _____ (forum.viry.cz) C:\Users\naylc\Downloads\Nepotvrden� 212993.crdownload
2018-03-11 15:17 - 2018-03-11 15:17 - 000112640 _____ (forum.viry.cz) C:\Users\naylc\Downloads\Nepotvrden� 729002.crdownload
2018-03-09 23:45 - 2018-03-10 20:44 - 000003312 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-03-04 15:14 - 2018-03-04 15:22 - 012175000 _____ (OSToto Co., Ltd.) C:\Users\naylc\Downloads\DriverTalent_setup.exe
2018-03-03 22:35 - 2018-03-03 22:37 - 000000000 ____D C:\Users\naylc\AppData\LocalLow\IObit
2018-03-03 22:22 - 2018-03-03 22:24 - 013095264 _____ (IObit ) C:\Users\naylc\Downloads\sd5_setup.exe
2018-03-03 22:17 - 2018-03-03 22:18 - 019912008 _____ (IObit ) C:\Users\naylc\Downloads\driver_booster_setup.exe
2018-03-11 04:27 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-10 22:20 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-03-10 21:34 - 2014-07-08 05:50 - 000000000 ____D C:\Program Files\mcafee.com

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E5E6F52E-B6BB-4D9F-9B9B-FC41E6943976} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{F7DCE483-2A2C-41C5-974A-6C0DB1EB3227}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{105E467B-8A1F-47B8-960D-95F2E01026A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\AV\McAfee VirusScan

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3409495467-2586683993-4265649639-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => removed successfully
"HKLM\System\CurrentControlSet\Services\McAfee SiteAdvisor Service" => removed successfully
McAfee SiteAdvisor Service => service removed successfully
"C:\Users\naylc\Downloads\Nepotvrden� 212993.crdownload" => not found
"C:\Users\naylc\Downloads\Nepotvrden� 729002.crdownload" => not found
C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
C:\Users\naylc\Downloads\DriverTalent_setup.exe => moved successfully
C:\Users\naylc\AppData\LocalLow\IObit => moved successfully
C:\Users\naylc\Downloads\sd5_setup.exe => moved successfully
C:\Users\naylc\Downloads\driver_booster_setup.exe => moved successfully
C:\Program Files (x86)\McAfee => moved successfully
C:\Program Files\Common Files\mcafee => moved successfully
C:\Program Files\mcafee.com => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5E6F52E-B6BB-4D9F-9B9B-FC41E6943976}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5E6F52E-B6BB-4D9F-9B9B-FC41E6943976}" => removed successfully
"C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7DCE483-2A2C-41C5-974A-6C0DB1EB3227}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{105E467B-8A1F-47B8-960D-95F2E01026A0}" => removed successfully
C:\Program Files\Common Files\AV\McAfee VirusScan => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14657883 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 175216847 B
Edge => 0 B
Chrome => 66605329 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 72456 B
systemprofile32 => 128 B
LocalService => 61624 B
NetworkService => 11732 B
naylc => 311004850 B
Administrator => 12373 B

RecycleBin => 0 B
EmptyTemp: => 549.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-03-2018 23:37:04)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 23:37:05 ====

#10 Příspěvek od **Conder** » 12 bře 2018 00:02

Velikost slozky "C:\Users\naylc\Desktop" je 1738 MB.

Presun vsetky subory a zlozky z plochy do dokumentov a na ploche nechaj iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.

Spusti este tento fixlist:

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:
Kód: Vybrat vše
```
Start
CloseProcesses:
C:\Users\naylc\Downloads\Nepotvrden*
Hosts:
End
```
Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Noone · #11 Příspěvek od **Noone** » 12 bře 2018 00:34

plochu som vycistil uz minulu akciu, prikladam fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by naylc (12-03-2018 00:24:51) Run:2
Running from C:\Users\naylc\Desktop
Loaded Profiles: naylc (Available Profiles: naylc & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
C:\Users\naylc\Downloads\Nepotvrden*
Hosts:
End
*****************

Processes closed successfully.

=========== "C:\Users\naylc\Downloads\Nepotvrden*" ==========

C:\Users\naylc\Downloads\Nepotvrdené 212993.crdownload => moved successfully
C:\Users\naylc\Downloads\Nepotvrdené 729002.crdownload => moved successfully

========= End -> "C:\Users\naylc\Downloads\Nepotvrden*" ========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2018 00:27:26)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 00:27:27 ====

#12 Příspěvek od **Conder** » 12 bře 2018 15:15

Aha, OK, tu plochu som prehliadol. Pusti este tento fixlist:

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
StartBatch:
echo "127.0.0.1 localhost" > C:\FRST\hosts
EndBatch:
C:\Windows\System32\Drivers\etc\hosts
Replace: C:\FRST\hosts C:\Windows\System32\Drivers\etc\hosts
Hosts:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Noone · #13 Příspěvek od **Noone** » 12 bře 2018 18:40

prikladam novy fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by naylc (12-03-2018 17:56:06) Run:3
Running from C:\Users\naylc\Desktop
Loaded Profiles: naylc (Available Profiles: naylc & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
StartBatch:
echo "127.0.0.1 localhost" > C:\FRST\hosts
EndBatch:
C:\Windows\System32\Drivers\etc\hosts
Replace: C:\FRST\hosts C:\Windows\System32\Drivers\etc\hosts
Hosts:
End
*****************

Processes closed successfully.

========= Batch: =========

========= End of Batch: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not replace C:\Windows\System32\Drivers\etc\hosts
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2018 17:59:41)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 17:59:42 ====

#14 Příspěvek od **Conder** » 15 bře 2018 16:51

Hosts subor mas upraveny umyselne?

Noone · #15 Příspěvek od **Noone** » 15 bře 2018 21:03

nemyslim si :O aspon neviem o tom :O

VIRY.CZ

Prosim o preventivku

Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku

Re: Prosim o preventivku