Please check my PC, children use it

#1 Post by Dennis »

Please check this; children use the computer and it seems awfully slow to me.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Katerina (administrator) on LENOVO-PC (27-03-2018 16:20:44)
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina)
Platform: Windows 8.1 Connected (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-24] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Printsrv] => c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs [1256 2017-11-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-02-23] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [2122488 2018-03-20] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Policies\Explorer: [NoDrives] 00000003

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{59017969-8467-4D8E-8E53-31C9D74D177F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {8B9EB039-63F1-4391-A523-60A7D41E15F7} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-03-24] (AVAST Software)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-24] (AVAST Software)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: nuxfrk69.default
FF ProfilePath: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default [2018-03-27]
FF Homepage: Mozilla\Firefox\Profiles\nuxfrk69.default -> moz-extension://2b69becb-becb-4911-8362-2f6deef8eb98/dynamicHomePage.html
FF Session Restore: Mozilla\Firefox\Profiles\nuxfrk69.default -> is enabled.
FF HomepageOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF NewTabOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF Extension: (Bing Search) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-15] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\sp@avast.com.xpi [2018-03-10]
FF Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Extension: (SearchFormsOnline) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi [2018-03-10]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\features\{332ed633-1bb2-4f2c-b6f0-117383c0fc79}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-26] [Legacy]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml [2017-07-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91105D20171016&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default [2018-03-27]
CHR Extension: (Prezentace) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-30]
CHR Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-11]
CHR Extension: (Tabulky) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-29]
CHR Extension: (Gmail) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-24] (AVAST Software)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-11] (Macrovision Europe Ltd.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-24] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-24] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-24] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-24] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-24] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-24] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-24] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-24] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-24] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-24] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-24] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-24] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-24] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-24] (AVAST Software)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 HWiNFO32; \??\C:\Users\Katerina\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 16:20 - 2018-03-27 16:21 - 000024012 _____ C:\Users\Katerina\Desktop\FRST.txt
2018-03-27 16:19 - 2018-03-27 16:20 - 000000000 ____D C:\FRST
2018-03-27 16:19 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Desktop\FRST64.exe
2018-03-27 16:18 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Downloads\FRST64.exe
2018-03-27 12:58 - 2018-03-27 13:13 - 000000000 ____D C:\AdwCleaner
2018-03-27 12:57 - 2018-03-27 12:58 - 008222496 _____ (Malwarebytes) C:\Users\Katerina\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-26 16:29 - 2018-03-26 16:30 - 001129816 _____ (Google Inc.) C:\Users\Katerina\Downloads\ChromeSetup.exe
2018-03-24 18:22 - 2018-03-24 18:21 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000834552 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 06:32 - 2017-10-04 10:21 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 10:21 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-03-14 02:21 - 2018-03-03 09:24 - 007407960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-03-14 02:21 - 2018-02-18 22:53 - 004168704 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-03-14 02:21 - 2018-02-16 17:45 - 025742848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-03-14 02:21 - 2018-02-16 17:44 - 013678080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-03-14 02:21 - 2018-02-16 17:19 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-03-14 02:21 - 2018-02-15 17:15 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-03-14 02:21 - 2018-02-15 16:57 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-03-14 02:21 - 2018-02-10 21:29 - 000274272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2018-03-14 02:21 - 2018-02-10 21:08 - 001307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-03-14 02:21 - 2018-02-10 19:40 - 002901504 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:37 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-03-14 02:21 - 2018-02-10 19:27 - 000817152 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-03-14 02:21 - 2018-02-10 19:10 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-03-14 02:21 - 2018-02-10 19:09 - 003757056 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 19:06 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:00 - 000661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-03-14 02:21 - 2018-02-10 18:57 - 015281664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-03-14 02:21 - 2018-02-10 18:46 - 002412544 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 18:40 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-03-14 02:21 - 2018-02-10 18:23 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-03-14 02:21 - 2018-02-10 18:11 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-03-14 02:21 - 2018-02-08 19:37 - 002779648 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-03-14 02:21 - 2018-02-08 18:57 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-03-14 02:21 - 2018-02-02 22:42 - 003320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-03-14 02:21 - 2018-02-02 21:24 - 003610112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-03-14 02:21 - 2018-01-26 21:04 - 001115648 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2018-03-14 02:21 - 2018-01-11 20:28 - 001562624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2018-03-14 02:21 - 2018-01-11 20:19 - 002364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:55 - 002003456 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2018-03-14 02:21 - 2018-01-11 19:42 - 002923520 _____ (Microsoft Corporation) C:\windows\system32\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:13 - 001695744 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2018-03-14 02:21 - 2018-01-09 07:35 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-03-14 02:21 - 2018-01-09 07:19 - 001292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2018-03-14 02:21 - 2018-01-09 06:46 - 001096192 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2018-03-14 02:20 - 2018-03-03 09:24 - 000419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-03-14 02:20 - 2018-03-03 09:11 - 001500432 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001371352 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2018-03-14 02:20 - 2018-03-03 07:23 - 000005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-03-14 02:20 - 2018-03-03 07:22 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 17:28 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-10 22:24 - 000178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000065888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000062304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000021856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000017240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys
2018-03-14 02:20 - 2018-02-10 21:25 - 000533856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys
2018-03-14 02:20 - 2018-02-10 21:06 - 000356184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2018-03-14 02:20 - 2018-02-10 19:50 - 000401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-03-14 02:20 - 2018-02-10 19:40 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-03-14 02:20 - 2018-02-10 19:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 19:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-03-14 02:20 - 2018-02-10 19:03 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2018-03-14 02:20 - 2018-02-10 19:01 - 000617472 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2018-03-14 02:20 - 2018-02-10 18:59 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 18:58 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:54 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-03-14 02:20 - 2018-02-10 18:52 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:48 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-03-14 02:20 - 2018-02-10 18:47 - 002134016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:44 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:43 - 000109056 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:39 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:35 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:33 - 002058240 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:33 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-03-14 02:20 - 2018-02-10 18:30 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:29 - 000084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:12 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-03-14 02:20 - 2018-02-10 18:09 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-03-14 02:20 - 2018-01-12 20:18 - 000538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2018-03-14 02:20 - 2018-01-12 19:26 - 000393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000163328 _____ (Microsoft Corporation) C:\windows\SysWOW64\cic.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000114688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:34 - 000311296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcbase.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000202752 _____ (Microsoft Corporation) C:\windows\system32\cic.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000128000 _____ (Microsoft Corporation) C:\windows\system32\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:04 - 000350208 _____ (Microsoft Corporation) C:\windows\system32\mmcbase.dll
2018-03-14 02:20 - 2018-01-10 16:48 - 000559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2018-03-14 02:20 - 2018-01-09 09:04 - 000276312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2018-03-14 02:20 - 2018-01-09 08:09 - 000309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2018-03-14 02:20 - 2018-01-09 08:06 - 000053248 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:35 - 000289280 _____ (Microsoft Corporation) C:\windows\SysWOW64\compstui.dll
2018-03-14 02:20 - 2018-01-09 07:32 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:29 - 000221184 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 07:09 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2018-03-14 02:20 - 2018-01-09 07:05 - 000199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 06:59 - 001060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2018-03-14 02:20 - 2018-01-09 06:49 - 000192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2018-03-14 02:20 - 2018-01-09 06:39 - 000167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2018-03-14 01:26 - 2018-02-14 23:45 - 000145024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001560064 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000740864 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000655872 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000600576 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000451072 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000380928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-03-13 12:48 - 2018-03-13 12:48 - 000004470 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 16:16 - 2017-10-20 12:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-27 15:44 - 2016-11-16 22:19 - 000000000 ____D C:\Users\Katerina\AppData\LocalLow\Mozilla
2018-03-27 14:03 - 2014-12-23 18:46 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2920686228-2870246678-1652887067-1001
2018-03-27 13:58 - 2015-01-11 18:14 - 000316416 ___SH C:\Users\Katerina\Desktop\Thumbs.db
2018-03-27 13:56 - 2014-12-23 18:47 - 000000000 ___DO C:\Users\Katerina\OneDrive
2018-03-27 13:46 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-03-27 13:41 - 2014-10-17 07:20 - 000081286 _____ C:\windows\system32\perfh005.dat
2018-03-27 13:41 - 2014-10-17 07:20 - 000018024 _____ C:\windows\system32\perfc005.dat
2018-03-27 13:41 - 2014-03-18 11:53 - 000169084 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-27 13:36 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-27 13:36 - 2013-08-22 16:44 - 002407816 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-27 13:35 - 2013-08-22 15:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-03-27 13:29 - 2017-10-16 15:46 - 000000000 ____D C:\ProgramData\BOINC
2018-03-27 13:28 - 2017-10-20 12:23 - 000000000 ____D C:\Users\Katerina\AppData\Roaming\TeamViewer
2018-03-27 13:26 - 2013-08-22 17:36 - 000000000 ____D C:\windows\ModemLogs
2018-03-27 13:13 - 2014-10-17 06:57 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-03-27 13:03 - 2014-12-23 18:49 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A576ED12-E8E4-485A-A92A-8BA4DB83614C}
2018-03-27 13:00 - 2016-03-23 20:51 - 000002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-27 13:00 - 2016-03-23 20:51 - 000002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-24 18:27 - 2017-10-16 15:46 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-24 18:26 - 2016-11-16 09:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-24 18:26 - 2014-12-25 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-24 18:25 - 2014-12-23 18:38 - 000000000 ____D C:\Users\Katerina
2018-03-24 18:23 - 2017-08-16 06:22 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-24 18:21 - 2017-12-26 16:42 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-24 18:19 - 2016-10-18 20:35 - 000000000 ____D C:\Users\Katerina\Documents\Youcam
2018-03-24 18:18 - 2017-12-26 16:42 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-24 18:18 - 2015-11-27 21:23 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-23 09:04 - 2017-10-23 14:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-22 15:11 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-03-22 15:04 - 2014-12-25 19:18 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-20 21:55 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-03-20 19:51 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-03-17 11:34 - 2014-12-25 20:56 - 000000000 ____D C:\windows\system32\appraiser
2018-03-17 11:34 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-03-14 07:09 - 2017-11-10 15:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-14 07:09 - 2017-11-10 15:32 - 000000942 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-14 06:31 - 2014-12-25 15:50 - 000000000 ____D C:\windows\system32\MRT
2018-03-14 06:26 - 2017-10-11 05:53 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-14 06:25 - 2014-12-25 15:50 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-13 13:48 - 2017-10-18 17:26 - 000004548 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 13:48 - 2015-01-11 17:49 - 000004372 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-03-13 09:45 - 2017-10-16 15:48 - 000004088 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1508161663
2018-03-13 09:45 - 2017-10-16 15:48 - 000001369 _____ C:\Users\Katerina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-11 12:08 - 2016-03-20 18:14 - 000000000 ____D C:\Users\Katerina\Desktop\obrazky
2018-03-04 11:31 - 2016-03-23 20:55 - 000003894 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458759346
2018-03-04 11:31 - 2016-03-23 20:49 - 000003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-04 11:31 - 2016-03-23 20:49 - 000003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-04 11:31 - 2015-12-05 14:41 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-03-04 11:31 - 2015-11-27 21:00 - 000002798 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-03-04 11:31 - 2015-05-12 17:30 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-04 11:31 - 2014-10-17 06:57 - 000003512 _____ C:\windows\System32\Tasks\OFFICE2013ACT
2018-03-04 11:31 - 2014-10-17 06:57 - 000003142 _____ C:\windows\System32\Tasks\MirageAgent

==================== Files in the root of some directories =======

2017-09-04 19:15 - 2017-09-04 19:15 - 000003584 _____ () C:\Users\Katerina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-03-26 16:30 - 2018-03-26 16:30 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180326143037053.dll
2018-03-27 08:45 - 2018-03-27 08:45 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327064520252.dll
2018-03-27 13:24 - 2018-03-27 13:24 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327112429442.dll
2018-03-27 14:01 - 2018-03-27 14:01 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327120114246.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-24 08:52

==================== End of FRST.txt ============================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • After it finishes and the PC has restarted, a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Dennis
Visitor
Posts: 153
Joined: 18 May 2009 06:38
Location: Trutnov

Re: please check, the PC is used by children

#3 Post by Dennis »

# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 28 15:15:30 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 8.1 Connected (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

Plugin deleted: SearchFormsOnline -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2039 B] - [2018/3/27 11:13:19]
C:/AdwCleaner/AdwCleaner[S0].txt - [2024 B] - [2018/3/27 11:12:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [1118 B] - [2018/3/28 15:14:27]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#4 Post by Conder »

Please post new FRST logs (include both logs: FRST.txt and Addition.txt)

Dennis
Visitor
Posts: 153
Joined: 18 May 2009 06:38
Location: Trutnov

Re: please check, the PC is used by children

#5 Post by Dennis »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Katerina (administrator) on LENOVO-PC (28-03-2018 18:57:50)
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina)
Platform: Windows 8.1 Connected (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-24] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Printsrv] => c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs [1256 2017-11-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-02-23] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [2121976 2018-03-27] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Policies\Explorer: [NoDrives] 00000003

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{59017969-8467-4D8E-8E53-31C9D74D177F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {8B9EB039-63F1-4391-A523-60A7D41E15F7} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-03-24] (AVAST Software)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-24] (AVAST Software)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: nuxfrk69.default
FF ProfilePath: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default [2018-03-27]
FF Homepage: Mozilla\Firefox\Profiles\nuxfrk69.default -> moz-extension://2b69becb-becb-4911-8362-2f6deef8eb98/dynamicHomePage.html
FF Session Restore: Mozilla\Firefox\Profiles\nuxfrk69.default -> is enabled.
FF HomepageOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF NewTabOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF Extension: (Bing Search) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-15] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\sp@avast.com.xpi [2018-03-10]
FF Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Extension: (SearchFormsOnline) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi [2018-03-10]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\features\{332ed633-1bb2-4f2c-b6f0-117383c0fc79}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-26] [Legacy]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml [2017-07-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91105D20171016&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]
CHR Extension: (Prezentace) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-30]
CHR Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-11]
CHR Extension: (Tabulky) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-29]
CHR Extension: (Gmail) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-24] (AVAST Software)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-11] (Macrovision Europe Ltd.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 TermService; C:\windows\System32\termsrv.dll [1115648 2018-01-26] (Microsoft Corporation) [File not signed]
R2 Themes; C:\windows\system32\themeservice.dll [59392 2014-10-29] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\windows\system32\mmcss.dll [71168 2014-10-29] (Microsoft Corporation) [File not signed]
R3 TimeBroker; C:\windows\System32\TimeBrokerServer.dll [262656 2014-10-29] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\windows\System32\trkwks.dll [124416 2014-10-29] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [106496 2014-10-29] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [41984 2014-10-29] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\windows\System32\umrdp.dll [301056 2017-06-11] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\windows\System32\upnphost.dll [457728 2014-10-29] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\windows\SysWOW64\upnphost.dll [331776 2014-10-29] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vds; C:\windows\System32\vds.exe [1313792 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) [File not signed]
S3 VSS; C:\windows\system32\vssvc.exe [1455104 2016-02-05] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\windows\system32\w32time.dll [411648 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\windows\system32\wbengine.exe [1574912 2016-08-11] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [465920 2014-10-29] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\windows\System32\wcmsvc.dll [374784 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\windows\System32\wcncsvc.dll [465920 2018-01-02] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [43520 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\SysWOW64\WcsPlugInService.dll [34304 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\system32\wdi.dll [95744 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\SysWOW64\wdi.dll [84992 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\windows\system32\wdi.dll [95744 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\windows\SysWOW64\wdi.dll [84992 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WebClient; C:\windows\System32\webclnt.dll [228864 2016-06-09] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\windows\SysWOW64\webclnt.dll [199168 2016-06-09] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\windows\system32\wecsvc.dll [209408 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\windows\system32\wephostsvc.dll [26112 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [84992 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\windows\System32\WerSvc.dll [108544 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\windows\System32\wiarpc.dll [67584 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [795648 2018-01-02] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\windows\SysWOW64\winhttp.dll [626176 2018-01-02] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [230400 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\windows\system32\WsmSvc.dll [2608640 2017-11-24] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\windows\SysWOW64\WsmSvc.dll [2170880 2017-11-24] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\windows\System32\wlansvc.dll [1547264 2018-01-02] (Microsoft Corporation) [File not signed]
R3 wlidsvc; C:\windows\system32\wlidsvc.dll [1639424 2014-10-29] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [201728 2014-10-29] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2014-10-29] (Microsoft Corporation) [File not signed]
S3 workfolderssvc; C:\windows\system32\workfolderssvc.dll [1673728 2016-02-03] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [12288 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\SysWOW64\wpcsvc.dll [10240 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [87040 2017-04-06] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\windows\System32\wscsvc.dll [146944 2016-01-06] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\windows\system32\SearchIndexer.exe [903168 2017-06-02] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\windows\SysWOW64\SearchIndexer.exe [710144 2017-06-02] (Microsoft Corporation) [File not signed]
S3 wuauserv; C:\windows\system32\wuaueng.dll [3717632 2017-10-14] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\windows\System32\WUDFSvc.dll [104960 2014-10-29] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\windows\System32\wwansvc.dll [513536 2014-10-29] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-24] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-24] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-24] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-24] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-24] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-24] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-24] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-24] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-24] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-24] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-24] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-24] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-24] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-24] (AVAST Software)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 TsUsbFlt; C:\windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\windows\System32\drivers\TsUsbGD.sys [29696 2014-10-29] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\windows\system32\DRIVERS\tunnel.sys [154112 2015-09-04] (Microsoft Corporation) [File not signed]
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S4 udfs; C:\windows\System32\DRIVERS\udfs.sys [316416 2015-03-13] (Microsoft Corporation) [File not signed]
R3 umbus; C:\windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation) [File not signed]
R3 UmPass; C:\windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\windows\system32\drivers\usbaudio.sys [121088 2014-03-18] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\windows\System32\drivers\usbcir.sys [98304 2014-10-29] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\windows\System32\drivers\usbohci.sys [30208 2015-10-10] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\windows\System32\drivers\usbuhci.sys [37376 2015-10-10] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [212736 2014-06-21] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\windows\System32\drivers\vwifibus.sys [24576 2016-08-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\windows\system32\DRIVERS\vwififlt.sys [71680 2016-08-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\windows\system32\DRIVERS\vwifimp.sys [38912 2016-08-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Wanarp; C:\windows\system32\DRIVERS\wanarp.sys [80384 2018-01-02] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\windows\system32\DRIVERS\wanarp.sys [80384 2018-01-02] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WinUsb; C:\windows\System32\drivers\WinUsb.sys [78848 2015-10-10] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation) [File not signed]
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [113664 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WUDFSensorLP; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) [File not signed]
R3 WUDFWpdMtp; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) [File not signed]
S3 HWiNFO32; \??\C:\Users\Katerina\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 18:57 - 2018-03-28 18:58 - 000033693 _____ C:\Users\Katerina\Desktop\FRST.txt
2018-03-28 18:57 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Desktop\FRST64.exe
2018-03-28 17:03 - 2018-03-27 12:58 - 008222496 _____ (Malwarebytes) C:\Users\Katerina\Desktop\adwcleaner_7.0.8.0 (1).exe
2018-03-28 17:02 - 2018-03-28 17:03 - 000000000 ____D C:\Users\Katerina\Desktop\čistka
2018-03-27 16:19 - 2018-03-28 18:57 - 000000000 ____D C:\FRST
2018-03-27 16:18 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Downloads\FRST64.exe
2018-03-27 12:58 - 2018-03-28 17:22 - 000000000 ____D C:\AdwCleaner
2018-03-27 12:57 - 2018-03-27 12:58 - 008222496 _____ (Malwarebytes) C:\Users\Katerina\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-26 16:29 - 2018-03-26 16:30 - 001129816 _____ (Google Inc.) C:\Users\Katerina\Downloads\ChromeSetup.exe
2018-03-24 18:22 - 2018-03-24 18:21 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000834552 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 06:32 - 2017-10-04 10:21 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 10:21 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-03-14 02:21 - 2018-03-03 09:24 - 007407960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-03-14 02:21 - 2018-02-18 22:53 - 004168704 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-03-14 02:21 - 2018-02-16 17:45 - 025742848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-03-14 02:21 - 2018-02-16 17:44 - 013678080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-03-14 02:21 - 2018-02-16 17:19 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-03-14 02:21 - 2018-02-15 17:15 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-03-14 02:21 - 2018-02-15 16:57 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-03-14 02:21 - 2018-02-10 21:29 - 000274272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2018-03-14 02:21 - 2018-02-10 21:08 - 001307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-03-14 02:21 - 2018-02-10 19:40 - 002901504 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:37 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-03-14 02:21 - 2018-02-10 19:27 - 000817152 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-03-14 02:21 - 2018-02-10 19:10 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-03-14 02:21 - 2018-02-10 19:09 - 003757056 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 19:06 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:00 - 000661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-03-14 02:21 - 2018-02-10 18:57 - 015281664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-03-14 02:21 - 2018-02-10 18:46 - 002412544 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 18:40 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-03-14 02:21 - 2018-02-10 18:23 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-03-14 02:21 - 2018-02-10 18:11 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-03-14 02:21 - 2018-02-08 19:37 - 002779648 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-03-14 02:21 - 2018-02-08 18:57 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-03-14 02:21 - 2018-02-02 22:42 - 003320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-03-14 02:21 - 2018-02-02 21:24 - 003610112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-03-14 02:21 - 2018-01-26 21:04 - 001115648 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2018-03-14 02:21 - 2018-01-11 20:28 - 001562624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2018-03-14 02:21 - 2018-01-11 20:19 - 002364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:55 - 002003456 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2018-03-14 02:21 - 2018-01-11 19:42 - 002923520 _____ (Microsoft Corporation) C:\windows\system32\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:13 - 001695744 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2018-03-14 02:21 - 2018-01-09 07:35 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-03-14 02:21 - 2018-01-09 07:19 - 001292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2018-03-14 02:21 - 2018-01-09 06:46 - 001096192 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2018-03-14 02:20 - 2018-03-03 09:24 - 000419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-03-14 02:20 - 2018-03-03 09:11 - 001500432 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001371352 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2018-03-14 02:20 - 2018-03-03 07:23 - 000005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-03-14 02:20 - 2018-03-03 07:22 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 17:28 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-10 22:24 - 000178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000065888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000062304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000021856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000017240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys
2018-03-14 02:20 - 2018-02-10 21:25 - 000533856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys
2018-03-14 02:20 - 2018-02-10 21:06 - 000356184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2018-03-14 02:20 - 2018-02-10 19:50 - 000401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-03-14 02:20 - 2018-02-10 19:40 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-03-14 02:20 - 2018-02-10 19:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 19:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-03-14 02:20 - 2018-02-10 19:03 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2018-03-14 02:20 - 2018-02-10 19:01 - 000617472 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2018-03-14 02:20 - 2018-02-10 18:59 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 18:58 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:54 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-03-14 02:20 - 2018-02-10 18:52 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:48 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-03-14 02:20 - 2018-02-10 18:47 - 002134016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:44 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:43 - 000109056 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:39 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:35 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:33 - 002058240 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:33 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-03-14 02:20 - 2018-02-10 18:30 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:29 - 000084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:12 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-03-14 02:20 - 2018-02-10 18:09 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-03-14 02:20 - 2018-01-12 20:18 - 000538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2018-03-14 02:20 - 2018-01-12 19:26 - 000393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000163328 _____ (Microsoft Corporation) C:\windows\SysWOW64\cic.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000114688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:34 - 000311296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcbase.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000202752 _____ (Microsoft Corporation) C:\windows\system32\cic.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000128000 _____ (Microsoft Corporation) C:\windows\system32\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:04 - 000350208 _____ (Microsoft Corporation) C:\windows\system32\mmcbase.dll
2018-03-14 02:20 - 2018-01-10 16:48 - 000559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2018-03-14 02:20 - 2018-01-09 09:04 - 000276312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2018-03-14 02:20 - 2018-01-09 08:09 - 000309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2018-03-14 02:20 - 2018-01-09 08:06 - 000053248 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:35 - 000289280 _____ (Microsoft Corporation) C:\windows\SysWOW64\compstui.dll
2018-03-14 02:20 - 2018-01-09 07:32 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:29 - 000221184 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 07:09 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2018-03-14 02:20 - 2018-01-09 07:05 - 000199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 06:59 - 001060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2018-03-14 02:20 - 2018-01-09 06:49 - 000192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2018-03-14 02:20 - 2018-01-09 06:39 - 000167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2018-03-14 01:26 - 2018-02-14 23:45 - 000145024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001560064 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000740864 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000655872 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000600576 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000451072 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000380928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-03-13 12:48 - 2018-03-13 12:48 - 000004470 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 19:00 - 2014-12-23 18:49 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A576ED12-E8E4-485A-A92A-8BA4DB83614C}
2018-03-28 17:29 - 2014-12-23 18:46 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2920686228-2870246678-1652887067-1001
2018-03-28 17:23 - 2014-10-17 07:20 - 000081286 _____ C:\windows\system32\perfh005.dat
2018-03-28 17:23 - 2014-10-17 07:20 - 000018024 _____ C:\windows\system32\perfc005.dat
2018-03-28 17:23 - 2014-03-18 11:53 - 000169084 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-28 17:23 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-03-28 17:22 - 2014-12-23 18:47 - 000000000 ___DO C:\Users\Katerina\OneDrive
2018-03-28 17:17 - 2017-10-20 12:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-28 17:16 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-28 17:16 - 2013-08-22 15:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-03-27 17:57 - 2017-10-23 14:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-27 15:44 - 2016-11-16 22:19 - 000000000 ____D C:\Users\Katerina\AppData\LocalLow\Mozilla
2018-03-27 13:58 - 2015-01-11 18:14 - 000316416 ___SH C:\Users\Katerina\Desktop\Thumbs.db
2018-03-27 13:36 - 2013-08-22 16:44 - 002407816 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-27 13:29 - 2017-10-16 15:46 - 000000000 ____D C:\ProgramData\BOINC
2018-03-27 13:28 - 2017-10-20 12:23 - 000000000 ____D C:\Users\Katerina\AppData\Roaming\TeamViewer
2018-03-27 13:26 - 2013-08-22 17:36 - 000000000 ____D C:\windows\ModemLogs
2018-03-27 13:13 - 2014-10-17 06:57 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-03-27 13:00 - 2016-03-23 20:51 - 000002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-27 13:00 - 2016-03-23 20:51 - 000002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-24 18:27 - 2017-10-16 15:46 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-24 18:26 - 2016-11-16 09:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-24 18:26 - 2014-12-25 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-24 18:25 - 2014-12-23 18:38 - 000000000 ____D C:\Users\Katerina
2018-03-24 18:23 - 2017-08-16 06:22 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-24 18:21 - 2017-12-26 16:42 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-24 18:19 - 2016-10-18 20:35 - 000000000 ____D C:\Users\Katerina\Documents\Youcam
2018-03-24 18:18 - 2017-12-26 16:42 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-24 18:18 - 2015-11-27 21:23 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-22 15:11 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-03-22 15:04 - 2014-12-25 19:18 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-20 21:55 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-03-20 19:51 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-03-17 11:34 - 2014-12-25 20:56 - 000000000 ____D C:\windows\system32\appraiser
2018-03-17 11:34 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-03-14 07:09 - 2017-11-10 15:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-14 07:09 - 2017-11-10 15:32 - 000000942 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-14 06:31 - 2014-12-25 15:50 - 000000000 ____D C:\windows\system32\MRT
2018-03-14 06:26 - 2017-10-11 05:53 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-14 06:25 - 2014-12-25 15:50 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-13 13:48 - 2017-10-18 17:26 - 000004548 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 13:48 - 2015-01-11 17:49 - 000004372 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-03-13 09:45 - 2017-10-16 15:48 - 000004088 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1508161663
2018-03-13 09:45 - 2017-10-16 15:48 - 000001369 _____ C:\Users\Katerina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-11 12:08 - 2016-03-20 18:14 - 000000000 ____D C:\Users\Katerina\Desktop\obrazky
2018-03-04 11:31 - 2016-03-23 20:55 - 000003894 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458759346
2018-03-04 11:31 - 2016-03-23 20:49 - 000003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-04 11:31 - 2016-03-23 20:49 - 000003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-04 11:31 - 2015-12-05 14:41 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-03-04 11:31 - 2015-11-27 21:00 - 000002798 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-03-04 11:31 - 2015-05-12 17:30 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-04 11:31 - 2014-10-17 06:57 - 000003512 _____ C:\windows\System32\Tasks\OFFICE2013ACT
2018-03-04 11:31 - 2014-10-17 06:57 - 000003142 _____ C:\windows\System32\Tasks\MirageAgent

==================== Files in the root of some directories =======

2017-09-04 19:15 - 2017-09-04 19:15 - 000003584 _____ () C:\Users\Katerina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-03-26 16:30 - 2018-03-26 16:30 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180326143037053.dll
2018-03-27 08:45 - 2018-03-27 08:45 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327064520252.dll
2018-03-27 13:24 - 2018-03-27 13:24 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327112429442.dll
2018-03-27 14:01 - 2018-03-27 14:01 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180327120114246.dll
2018-03-28 15:41 - 2018-03-28 15:41 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180328134143498.dll
2018-03-28 17:23 - 2018-03-28 17:23 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180328152337716.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-24 08:52

==================== End of FRST.txt ============================
Attachments
Addition.zip
(11.4 KiB) Downloaded 76 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#6 Post by Conder »

:arrow: I recommend uninstalling McAfee WebAdvisor - it is unnecessary, since Avast is already there.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs
    VirusTotal: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs
    File: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs
    File: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs
    
    HKLM-x32\...\Run: [Printsrv] => c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs [1256 2017-11-26] ()
    HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF Homepage: Mozilla\Firefox\Profiles\nuxfrk69.default -> moz-extension://2b69becb-becb-4911-8362-2f6deef8eb98/dynamicHomePage.html
    FF Session Restore: Mozilla\Firefox\Profiles\nuxfrk69.default -> is enabled.
    FF HomepageOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    CHR HomePage: Default -> msn.com
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91105D20171016&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    S3 HWiNFO32; \??\C:\Users\Katerina\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION
    
    Task: {271CB5A5-AECA-4503-B867-269311F561DF} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Users\Katerina\Desktop\.device_info_73f8c446-a2e1-44ac-8fe2-5fcc48235898:$A [38]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Dennis
Visitor
Posts: 153
Joined: 18 May 2009 06:38
Location: Trutnov

Re: please check, the PC is used by children

#7 Post by Dennis »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Katerina (28-03-2018 21:09:37) Run:1
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs
VirusTotal: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs
File: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs
File: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs

HKLM-x32\...\Run: [Printsrv] => c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs [1256 2017-11-26] ()
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Homepage: Mozilla\Firefox\Profiles\nuxfrk69.default -> moz-extension://2b69becb-becb-4911-8362-2f6deef8eb98/dynamicHomePage.html
FF Session Restore: Mozilla\Firefox\Profiles\nuxfrk69.default -> is enabled.
FF HomepageOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF NewTabOverride: Mozilla\Firefox\Profiles\nuxfrk69.default -> Enabled: _jiMembers_@www.searchformsonline.com
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=C210CZ91105D20171016&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 HWiNFO32; \??\C:\Users\Katerina\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION

Task: {271CB5A5-AECA-4503-B867-269311F561DF} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\Katerina\Desktop\.device_info_73f8c446-a2e1-44ac-8fe2-5fcc48235898:$A [38]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs => https://www.virustotal.com/file/b382ceb ... 522264231/
VirusTotal: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs => https://www.virustotal.com/file/3f9f89e ... 505763130/

========================= File: c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs ========================

c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\152.vbs
File not signed
MD5: 4EDA82E5F4BF692ADB041519AAB12561
Creation and modification date: 2018-01-28 15:13 - 2017-11-26 19:18
Size: 000001256
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs ========================

C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs
File not signed
MD5: 0E3E4394DC8EE5C82CFAD915B647B950
Creation and modification date: 2014-10-17 06:57 - 2012-03-08 10:01
Size: 000000133
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Printsrv" => removed successfully
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"FF Homepage: Mozilla\Firefox\Profiles\nuxfrk69.default -> moz-extension://2b69becb-becb-4911-8362-2f6deef8eb98/dynamicHomePage.html" => not found
"Firefox homepage" => removed successfully
"Firefox Session Restore" => removed successfully
"Firefox HomepageOverride (_jiMembers_@www.searchformsonline.com) " => removed successfully
"Firefox NewTabOverride (_jiMembers_@www.searchformsonline.com) " => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\HWiNFO32" => removed successfully
HWiNFO32 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{271CB5A5-AECA-4503-B867-269311F561DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{271CB5A5-AECA-4503-B867-269311F561DF}" => removed successfully
C:\windows\System32\Tasks\OFFICE2013ACT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OFFICE2013ACT" => removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Users\Katerina\Desktop\.device_info_73f8c446-a2e1-44ac-8fe2-5fcc48235898 => ":$A" ADS removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30682562 B
Java, Flash, Steam htmlcache => 1305 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 61101460 B
Firefox => 35911117 B
Opera => 6572140 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 379405 B
systemprofile32 => 128 B
LocalService => 2906 B
NetworkService => 0 B
Katerina => 31889130 B

RecycleBin => 0 B
EmptyTemp: => 166.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:11:29 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#8 Post by Conder »

:arrow: Send new logs from FRST.

:arrow: Did you uninstall McAfee Webadvisor?

:arrow: Has anything changed, or are there still any problems with the PC?

Dennis
Visitor
Posts: 153
Joined: 18 May 2009 06:38
Location: Trutnov

Re: please check, the PC is used by children

#9 Post by Dennis »

Yes, McAfee is uninstalled.

The PC seems to be faster.

log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Katerina (administrator) on LENOVO-PC (29-03-2018 09:05:36)
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina)
Platform: Windows 8.1 Connected (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Opera Software) C:\Users\Katerina\AppData\Local\Programs\Opera\launcher.exe
(Opera Software) C:\Users\Katerina\AppData\Local\Programs\Opera\51.0.2830.55\opera_autoupdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-24] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-12-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167640 2012-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [2121976 2018-03-27] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Policies\Explorer: [NoDrives] 00000003
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-03-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{59017969-8467-4D8E-8E53-31C9D74D177F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {8B9EB039-63F1-4391-A523-60A7D41E15F7} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-03-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: nuxfrk69.default
FF ProfilePath: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default [2018-03-28]
FF Extension: (Bing Search) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-15] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\sp@avast.com.xpi [2018-03-10]
FF Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\wrc@avast.com.xpi [2017-10-07]
FF Extension: (SearchFormsOnline) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi [2018-03-10]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\features\{332ed633-1bb2-4f2c-b6f0-117383c0fc79}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-26] [Legacy]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml [2017-07-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-2920686228-2870246678-1652887067-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)

Chrome:
=======
CHR Profile: C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]
CHR Extension: (Prezentace) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-30]
CHR Extension: (Avast SafePrice) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-11]
CHR Extension: (Tabulky) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-29]
CHR Extension: (Gmail) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\Katerina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"mfesapsn" => service could not be unlocked. <==== ATTENTION

S2 0135621522306977mcinstcleanup; C:\Users\Katerina\AppData\Local\Temp\013562~1.EXE [1031928 2018-03-22] (McAfee, Inc.) <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-24] (AVAST Software)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-11] (Macrovision Europe Ltd.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-24] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-24] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-24] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-24] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-24] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-24] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-24] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-09] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-24] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-24] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-24] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-24] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-24] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-24] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-24] (AVAST Software)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S5 mfesapsn; <==== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 09:05 - 2018-03-29 09:06 - 000020778 _____ C:\Users\Katerina\Desktop\FRST.txt
2018-03-28 18:57 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Desktop\FRST64.exe
2018-03-28 17:03 - 2018-03-27 12:58 - 008222496 _____ (Malwarebytes) C:\Users\Katerina\Desktop\adwcleaner_7.0.8.0 (1).exe
2018-03-28 17:02 - 2018-03-29 09:05 - 000000000 ____D C:\Users\Katerina\Desktop\čistka
2018-03-27 16:19 - 2018-03-29 09:05 - 000000000 ____D C:\FRST
2018-03-27 16:18 - 2018-03-27 16:18 - 002403328 _____ (Farbar) C:\Users\Katerina\Downloads\FRST64.exe
2018-03-27 12:58 - 2018-03-28 17:22 - 000000000 ____D C:\AdwCleaner
2018-03-27 12:57 - 2018-03-27 12:58 - 008222496 _____ (Malwarebytes) C:\Users\Katerina\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-26 16:29 - 2018-03-26 16:30 - 001129816 _____ (Google Inc.) C:\Users\Katerina\Downloads\ChromeSetup.exe
2018-03-24 18:22 - 2018-03-24 18:21 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000834552 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-20 16:00 - 2018-03-02 20:55 - 000179704 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 06:32 - 2017-10-04 10:21 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 10:21 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2018-03-14 06:32 - 2017-10-04 05:45 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2018-03-14 02:21 - 2018-03-03 09:24 - 007407960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-03-14 02:21 - 2018-02-18 22:53 - 004168704 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-03-14 02:21 - 2018-02-16 17:45 - 025742848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-03-14 02:21 - 2018-02-16 17:44 - 013678080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-03-14 02:21 - 2018-02-16 17:19 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-03-14 02:21 - 2018-02-15 17:15 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-03-14 02:21 - 2018-02-15 16:57 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-03-14 02:21 - 2018-02-10 21:29 - 000274272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2018-03-14 02:21 - 2018-02-10 21:08 - 001307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-03-14 02:21 - 2018-02-10 19:40 - 002901504 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:37 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-03-14 02:21 - 2018-02-10 19:27 - 000817152 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-03-14 02:21 - 2018-02-10 19:10 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-03-14 02:21 - 2018-02-10 19:09 - 003757056 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 19:06 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-03-14 02:21 - 2018-02-10 19:00 - 000661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-03-14 02:21 - 2018-02-10 18:57 - 015281664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-03-14 02:21 - 2018-02-10 18:46 - 002412544 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2018-03-14 02:21 - 2018-02-10 18:40 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-03-14 02:21 - 2018-02-10 18:23 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-03-14 02:21 - 2018-02-10 18:11 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-03-14 02:21 - 2018-02-08 19:37 - 002779648 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-03-14 02:21 - 2018-02-08 18:57 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-03-14 02:21 - 2018-02-02 22:42 - 003320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-03-14 02:21 - 2018-02-02 21:24 - 003610112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-03-14 02:21 - 2018-01-26 21:04 - 001115648 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2018-03-14 02:21 - 2018-01-11 20:28 - 001562624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2018-03-14 02:21 - 2018-01-11 20:19 - 002364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:55 - 002003456 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2018-03-14 02:21 - 2018-01-11 19:42 - 002923520 _____ (Microsoft Corporation) C:\windows\system32\mmcndmgr.dll
2018-03-14 02:21 - 2018-01-11 19:13 - 001695744 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2018-03-14 02:21 - 2018-01-09 07:35 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-03-14 02:21 - 2018-01-09 07:19 - 001292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2018-03-14 02:21 - 2018-01-09 06:46 - 001096192 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2018-03-14 02:20 - 2018-03-03 09:24 - 000419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-03-14 02:20 - 2018-03-03 09:11 - 001676064 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001536120 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-03-14 02:20 - 2018-03-03 09:11 - 001500432 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-03-14 02:20 - 2018-03-03 09:11 - 001371352 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2018-03-14 02:20 - 2018-03-03 07:23 - 000005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-03-14 02:20 - 2018-03-03 07:22 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:51 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 17:28 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-03-14 02:20 - 2018-02-16 17:24 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-16 16:37 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-03-14 02:20 - 2018-02-10 22:24 - 000178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000065888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 02:20 - 2018-02-10 21:29 - 000062304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000021856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys
2018-03-14 02:20 - 2018-02-10 21:29 - 000017240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys
2018-03-14 02:20 - 2018-02-10 21:25 - 000533856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys
2018-03-14 02:20 - 2018-02-10 21:06 - 000356184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2018-03-14 02:20 - 2018-02-10 19:50 - 000401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-03-14 02:20 - 2018-02-10 19:40 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-03-14 02:20 - 2018-02-10 19:26 - 000440832 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 19:20 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-03-14 02:20 - 2018-02-10 19:03 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2018-03-14 02:20 - 2018-02-10 19:01 - 000617472 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2018-03-14 02:20 - 2018-02-10 18:59 - 000404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-03-14 02:20 - 2018-02-10 18:58 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:54 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-03-14 02:20 - 2018-02-10 18:52 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:50 - 000380416 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:48 - 001436672 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-03-14 02:20 - 2018-02-10 18:47 - 002134016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:44 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:43 - 000109056 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:39 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-03-14 02:20 - 2018-02-10 18:35 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-03-14 02:20 - 2018-02-10 18:34 - 000331776 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-03-14 02:20 - 2018-02-10 18:33 - 002058240 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-03-14 02:20 - 2018-02-10 18:33 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-03-14 02:20 - 2018-02-10 18:30 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-03-14 02:20 - 2018-02-10 18:29 - 000084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-03-14 02:20 - 2018-02-10 18:12 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-03-14 02:20 - 2018-02-10 18:09 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-03-14 02:20 - 2018-01-12 20:18 - 000538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2018-03-14 02:20 - 2018-01-12 19:26 - 000393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000163328 _____ (Microsoft Corporation) C:\windows\SysWOW64\cic.dll
2018-03-14 02:20 - 2018-01-11 20:39 - 000114688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:34 - 000311296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcbase.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000202752 _____ (Microsoft Corporation) C:\windows\system32\cic.dll
2018-03-14 02:20 - 2018-01-11 20:10 - 000128000 _____ (Microsoft Corporation) C:\windows\system32\mmcshext.dll
2018-03-14 02:20 - 2018-01-11 20:04 - 000350208 _____ (Microsoft Corporation) C:\windows\system32\mmcbase.dll
2018-03-14 02:20 - 2018-01-10 16:48 - 000559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2018-03-14 02:20 - 2018-01-09 09:04 - 000276312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2018-03-14 02:20 - 2018-01-09 08:09 - 000309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2018-03-14 02:20 - 2018-01-09 08:06 - 000053248 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:35 - 000289280 _____ (Microsoft Corporation) C:\windows\SysWOW64\compstui.dll
2018-03-14 02:20 - 2018-01-09 07:32 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2018-03-14 02:20 - 2018-01-09 07:29 - 000221184 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 07:09 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2018-03-14 02:20 - 2018-01-09 07:05 - 000199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2018-03-14 02:20 - 2018-01-09 06:59 - 001060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2018-03-14 02:20 - 2018-01-09 06:49 - 000192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2018-03-14 02:20 - 2018-01-09 06:39 - 000167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2018-03-14 01:26 - 2018-02-14 23:45 - 000145024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-03-14 01:26 - 2018-02-13 16:20 - 001560064 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000740864 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000655872 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000600576 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000451072 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000380928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-03-14 01:26 - 2018-02-13 16:20 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-03-13 12:48 - 2018-03-13 12:48 - 000004470 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 09:00 - 2014-12-23 18:47 - 000000000 __RDO C:\Users\Katerina\OneDrive
2018-03-28 21:20 - 2014-10-17 07:20 - 000081286 _____ C:\windows\system32\perfh005.dat
2018-03-28 21:20 - 2014-10-17 07:20 - 000018024 _____ C:\windows\system32\perfc005.dat
2018-03-28 21:20 - 2014-03-18 11:53 - 000169084 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-28 21:20 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-03-28 21:19 - 2016-10-18 20:35 - 000000000 ____D C:\Users\Katerina\Documents\Youcam
2018-03-28 21:18 - 2014-12-23 18:49 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A576ED12-E8E4-485A-A92A-8BA4DB83614C}
2018-03-28 21:17 - 2015-01-11 18:14 - 000316416 ___SH C:\Users\Katerina\Desktop\Thumbs.db
2018-03-28 21:13 - 2017-10-20 12:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-28 21:12 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-28 21:12 - 2013-08-22 15:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-03-28 17:29 - 2014-12-23 18:46 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2920686228-2870246678-1652887067-1001
2018-03-27 17:57 - 2017-10-23 14:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-27 15:44 - 2016-11-16 22:19 - 000000000 ____D C:\Users\Katerina\AppData\LocalLow\Mozilla
2018-03-27 13:36 - 2013-08-22 16:44 - 002407816 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-27 13:29 - 2017-10-16 15:46 - 000000000 ____D C:\ProgramData\BOINC
2018-03-27 13:28 - 2017-10-20 12:23 - 000000000 ____D C:\Users\Katerina\AppData\Roaming\TeamViewer
2018-03-27 13:26 - 2013-08-22 17:36 - 000000000 ____D C:\windows\ModemLogs
2018-03-27 13:13 - 2014-10-17 06:57 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-03-27 13:00 - 2016-03-23 20:51 - 000002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-27 13:00 - 2016-03-23 20:51 - 000002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-24 18:27 - 2017-10-16 15:46 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-24 18:26 - 2016-11-16 09:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-24 18:26 - 2014-12-25 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-24 18:25 - 2014-12-23 18:38 - 000000000 ____D C:\Users\Katerina
2018-03-24 18:23 - 2017-08-16 06:22 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-24 18:21 - 2017-12-26 16:42 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-24 18:21 - 2015-11-27 21:23 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-24 18:18 - 2017-12-26 16:42 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-24 18:18 - 2017-08-16 06:22 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-24 18:18 - 2015-11-27 21:23 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-22 15:11 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-03-22 15:04 - 2014-12-25 19:18 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-20 21:55 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-03-20 19:51 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-03-17 11:34 - 2014-12-25 20:56 - 000000000 ____D C:\windows\system32\appraiser
2018-03-17 11:34 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-03-14 07:09 - 2017-11-10 15:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-14 07:09 - 2017-11-10 15:32 - 000000942 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-14 06:31 - 2014-12-25 15:50 - 000000000 ____D C:\windows\system32\MRT
2018-03-14 06:26 - 2017-10-11 05:53 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-14 06:25 - 2014-12-25 15:50 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-13 13:48 - 2017-10-18 17:26 - 000004548 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 13:48 - 2015-01-11 17:49 - 000004372 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-13 13:48 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-03-13 09:45 - 2017-10-16 15:48 - 000004088 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1508161663
2018-03-13 09:45 - 2017-10-16 15:48 - 000001369 _____ C:\Users\Katerina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-11 12:08 - 2016-03-20 18:14 - 000000000 ____D C:\Users\Katerina\Desktop\obrazky
2018-03-04 11:31 - 2016-03-23 20:55 - 000003894 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458759346
2018-03-04 11:31 - 2016-03-23 20:49 - 000003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-04 11:31 - 2016-03-23 20:49 - 000003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-04 11:31 - 2015-12-05 14:41 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-03-04 11:31 - 2015-11-27 21:00 - 000002798 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-03-04 11:31 - 2015-05-12 17:30 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-04 11:31 - 2014-10-17 06:57 - 000003142 _____ C:\windows\System32\Tasks\MirageAgent

==================== Files in the root of some directories =======

2017-09-04 19:15 - 2017-09-04 19:15 - 000003584 _____ () C:\Users\Katerina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-03-29 09:02 - 2018-03-22 23:08 - 001031928 _____ (McAfee, Inc.) C:\Users\Katerina\AppData\Local\Temp\0135621522306977mcinst.exe
2018-03-28 21:19 - 2018-03-28 21:19 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180328191903737.dll
2018-03-29 09:05 - 2018-03-29 09:05 - 002153984 _____ (Opera Software) C:\Users\Katerina\AppData\Local\Temp\Opera_installer_180329070532265.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-24 08:52

==================== End of FRST.txt ============================
Attachments
Addition.zip
(11.66 KiB) Downloaded 48 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#10 Post by Conder »

Run this fixlist as well:

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    File: C:\Windows\jmesoft\Service.exe
    File: C:\Windows\jmesoft\JME_LOAD.exe
    File: C:\windows\jmesoft\hotkey.exe
    File: C:\Windows\jmesoft\ServiceLoader.exe 
    
    HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Policies\Explorer: [NoDrives] 00000003
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-03-29]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
    SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {8B9EB039-63F1-4391-A523-60A7D41E15F7} URL = 
    FF Extension: (Bing Search) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-15] [Legacy]
    FF Extension: (SearchFormsOnline) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi [2018-03-10]
    FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml [2017-07-15]
    CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S2 0135621522306977mcinstcleanup; C:\Users\Katerina\AppData\Local\Temp\013562~1.EXE [1031928 2018-03-22] (McAfee, Inc.) <==== ATTENTION
    S5 mfesapsn;  <==== ATTENTION: Locked Service
    2018-03-24 18:27 - 2017-10-16 15:46 - 000000000 ____D C:\Program Files (x86)\McAfee
    C:\ProgramData\McAfee
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a file named Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Dennis
Visitor
Posts: 153
Registered: 18 May 2009 06:38
Location: Trutnov

Re: please check, the PC is used by children

#11 Post by Dennis »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Katerina (30-03-2018 13:49:34) Run:2
Running from C:\Users\Katerina\Desktop
Loaded Profiles: Katerina (Available Profiles: Katerina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

File: C:\Windows\jmesoft\Service.exe
File: C:\Windows\jmesoft\JME_LOAD.exe
File: C:\windows\jmesoft\hotkey.exe
File: C:\Windows\jmesoft\ServiceLoader.exe

HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\...\Policies\Explorer: [NoDrives] 00000003
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-03-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2920686228-2870246678-1652887067-1001 -> {8B9EB039-63F1-4391-A523-60A7D41E15F7} URL =
FF Extension: (Bing Search) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-15] [Legacy]
FF Extension: (SearchFormsOnline) - C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi [2018-03-10]
FF SearchPlugin: C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml [2017-07-15]
CHR HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S2 0135621522306977mcinstcleanup; C:\Users\Katerina\AppData\Local\Temp\013562~1.EXE [1031928 2018-03-22] (McAfee, Inc.) <==== ATTENTION
S5 mfesapsn; <==== ATTENTION: Locked Service
2018-03-24 18:27 - 2017-10-16 15:46 - 000000000 ____D C:\Program Files (x86)\McAfee
C:\ProgramData\McAfee

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\Windows\jmesoft\Service.exe ========================

C:\Windows\jmesoft\Service.exe
File not signed
MD5: E2CFDA7E9606FD5ECAB93E4817414661
Creation and modification date: 2014-10-17 06:35 - 2011-08-17 05:46
Size: 000032768
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/f60a1ef ... 522117128/

====== End of File: ======


========================= File: C:\Windows\jmesoft\JME_LOAD.exe ========================

C:\Windows\jmesoft\JME_LOAD.exe
File not signed
MD5: CB0B43F1D326AFFA5AA54954B2001233
Creation and modification date: 2014-10-17 06:35 - 2011-08-17 05:46
Size: 000024576
Attributes: ----A
Company Name:
Internal Name: Lenovo_LOAD
Original Name: JME_LOAD.EXE
Product: Lenovo_LOAD
Description: Lenovo_LOAD
File Version: 1, 2, 11, 517
Product Version: 1, 2, 11, 517
Copyright: 版权所有 (C) 2011
VirusTotal: https://www.virustotal.com/file/2443569 ... 518865641/

====== End of File: ======


========================= File: C:\windows\jmesoft\hotkey.exe ========================

C:\windows\jmesoft\hotkey.exe
File not signed
MD5: 17716C3DD52BF815291D80FAAF329AC7
Creation and modification date: 2014-10-17 06:35 - 2013-07-24 22:15
Size: 000118784
Attributes: ----A
Company Name: Lenovo
Internal Name: Hotkey
Original Name: Hotkey.exe
Product: Lenovo Black Silk USB Keyboard
Description: Lenovo Black Silk USB Keyboard
File Version: 1, 6, 13, 724
Product Version: 1, 6, 13, 724
Copyright: Lenovo
VirusTotal: https://www.virustotal.com/file/3e42fbe ... 522343349/

====== End of File: ======


========================= File: C:\Windows\jmesoft\ServiceLoader.exe ========================

C:\Windows\jmesoft\ServiceLoader.exe
File not signed
MD5: A7464F6ED03611109F435218E424AAB8
Creation and modification date: 2014-10-17 06:35 - 2011-08-17 05:46
Size: 000028672
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/2c582d2 ... 521953795/

====== End of File: ======

"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B9EB039-63F1-4391-A523-60A7D41E15F7}" => removed successfully
HKLM\Software\Classes\CLSID\{8B9EB039-63F1-4391-A523-60A7D41E15F7} => not found
C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\bingsearch.full@microsoft.com.xpi => moved successfully
C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\Extensions\_jiMembers_@www.searchformsonline.com.xpi => moved successfully
C:\Users\Katerina\AppData\Roaming\Mozilla\Firefox\Profiles\nuxfrk69.default\searchplugins\bing-.xml => moved successfully
"HKU\S-1-5-21-2920686228-2870246678-1652887067-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\System\CurrentControlSet\Services\0135621522306977mcinstcleanup" => removed successfully
0135621522306977mcinstcleanup => service removed successfully
mfesapsn => service not found.
C:\Program Files (x86)\McAfee => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9549035 B
Java, Flash, Steam htmlcache => 16009 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 378566862 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 4112 B
NetworkService => 0 B
Katerina => 23611325 B

RecycleBin => 186627 B
EmptyTemp: => 400.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:53:38 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: please check, the PC is used by children

#12 Post by Conder »

It looks OK now.

If there are no more problems with the PC, we will still clean up after the tools that were used:

Check the size of the desktop (C:\Users\Katerina\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.