Facebook virus

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Facebook virus

#1 Post by peknal »

Hello, I'd like to ask for a preventive check focused on Facebook malware. The virus sends out friend requests on its own.
Thanks a lot in advance for the help.

RSIT:
logfile of random's system information tool 1.10 (written by random/random)
Run by milan at 2018-08-26 19:57:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 70 GB (46%) free of 153 GB
Total RAM: 1527 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:54, on 26.8.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19101)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files\Clarus\Drive Manager\Drive Manager.exe
C:\Program Files\Clarus\Drive Manager\ABRTMonM.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\milan\Downloads\RSIT (1).exe
C:\Program Files\trend micro\milan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Drive Manager] C:\Program Files\Clarus\Drive Manager\Drive Manager.exe -Hide
O4 - Global Startup: Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe,-100 (CIJSRegister) - CANON INC. - C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Drive Manager Service (SZDrvSvc_General) - Clarus, Inc. - C:\Program Files\Clarus\Drive Manager\SZDrvSvcM.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 6891 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-10 6252976]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2018-08-03 98024]
"CanonQuickMenu"=C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [2017-07-05 1313408]
"Drive Manager"=C:\Program Files\Clarus\Drive Manager\Drive Manager.exe [2016-05-12 8284376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLLSuite2016]
C:\Program Files\DLL Suite\DLLSuite.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Drive Manager Real-Time.lnk - C:\Program Files\Clarus\Drive Manager\ABRTMonM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-08-26 19:57:01 ----D---- C:\rsit
2018-08-15 07:09:05 ----A---- C:\Windows\system32\cscdll.dll
2018-08-15 07:09:05 ----A---- C:\Windows\system32\cscapi.dll
2018-08-15 07:09:00 ----A---- C:\Windows\system32\mshtml.dll
2018-08-15 07:08:55 ----A---- C:\Windows\system32\ieframe.dll
2018-08-15 07:08:53 ----A---- C:\Windows\system32\wininet.dll
2018-08-15 07:08:53 ----A---- C:\Windows\system32\jscript9.dll
2018-08-15 07:08:52 ----A---- C:\Windows\system32\iertutil.dll
2018-08-15 07:08:50 ----A---- C:\Windows\system32\urlmon.dll
2018-08-15 07:08:50 ----A---- C:\Windows\system32\ntkrnlpa.exe
2018-08-15 07:08:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-08-15 07:08:49 ----A---- C:\Windows\system32\msi.dll
2018-08-15 07:08:49 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-08-15 07:08:48 ----A---- C:\Windows\system32\msimg32.dll
2018-08-15 07:08:48 ----A---- C:\Windows\system32\mf3216.dll
2018-08-15 07:08:48 ----A---- C:\Windows\system32\jscript.dll
2018-08-15 07:08:47 ----A---- C:\Windows\system32\vbscript.dll
2018-08-15 07:08:47 ----A---- C:\Windows\system32\msfeeds.dll
2018-08-15 07:08:47 ----A---- C:\Windows\system32\ieapfltr.dll
2018-08-15 07:08:47 ----A---- C:\Windows\system32\drivers\viac7.sys
2018-08-15 07:08:47 ----A---- C:\Windows\system32\drivers\processr.sys
2018-08-15 07:08:47 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-08-15 07:08:47 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-08-15 07:08:47 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-08-15 07:08:46 ----A---- C:\Windows\system32\win32k.sys
2018-08-15 07:08:46 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-08-15 07:08:45 ----A---- C:\Windows\system32\ntdll.dll
2018-08-15 07:08:45 ----A---- C:\Windows\system32\msiexec.exe
2018-08-15 07:08:45 ----A---- C:\Windows\system32\iedkcs32.dll
2018-08-15 07:08:45 ----A---- C:\Windows\system32\fontsub.dll
2018-08-15 07:08:45 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-08-15 07:08:44 ----A---- C:\Windows\system32\t2embed.dll
2018-08-15 07:08:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-15 07:08:44 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-08-15 07:08:44 ----A---- C:\Windows\system32\halmacpi.dll
2018-08-15 07:08:44 ----A---- C:\Windows\system32\halacpi.dll
2018-08-15 07:08:44 ----A---- C:\Windows\system32\hal.dll
2018-08-15 07:08:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-08-15 07:08:43 ----A---- C:\Windows\system32\webcheck.dll
2018-08-15 07:08:43 ----A---- C:\Windows\system32\jscript9diag.dll
2018-08-15 07:08:43 ----A---- C:\Windows\system32\hlink.dll
2018-08-15 07:08:43 ----A---- C:\Windows\system32\drivers\netio.sys
2018-08-15 07:08:43 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-08-15 07:08:43 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-08-15 07:08:43 ----A---- C:\Windows\system32\consent.exe
2018-08-15 07:08:43 ----A---- C:\Windows\system32\atmfd.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\wdigest.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\TSpkg.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\srcore.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\smss.exe
2018-08-15 07:08:42 ----A---- C:\Windows\system32\schannel.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\rstrui.exe
2018-08-15 07:08:42 ----A---- C:\Windows\system32\rpcrt4.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\msv1_0.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\lsasrv.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\kerberos.dll
2018-08-15 07:08:42 ----A---- C:\Windows\system32\advapi32.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\sspicli.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\srclient.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\secur32.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\rpchttp.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\ncrypt.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\lsass.exe
2018-08-15 07:08:41 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-08-15 07:08:41 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-08-15 07:08:41 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-08-15 07:08:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-08-15 07:08:41 ----A---- C:\Windows\system32\drivers\appid.sys
2018-08-15 07:08:41 ----A---- C:\Windows\system32\csrsrv.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\cryptbase.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\credssp.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\bcrypt.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\auditpol.exe
2018-08-15 07:08:41 ----A---- C:\Windows\system32\appidsvc.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-08-15 07:08:41 ----A---- C:\Windows\system32\appidapi.dll
2018-08-15 07:08:41 ----A---- C:\Windows\system32\apisetschema.dll
2018-08-15 07:08:40 ----A---- C:\Windows\system32\sspisrv.dll
2018-08-15 07:08:40 ----A---- C:\Windows\system32\msobjs.dll
2018-08-15 07:08:40 ----A---- C:\Windows\system32\msaudite.dll
2018-08-15 07:08:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-08-15 07:08:40 ----A---- C:\Windows\system32\adtschema.dll
2018-08-15 07:08:39 ----A---- C:\Windows\system32\ieui.dll
2018-08-15 07:08:37 ----A---- C:\Windows\system32\msrating.dll
2018-08-15 07:08:37 ----A---- C:\Windows\system32\mshtmled.dll
2018-08-15 07:08:37 ----A---- C:\Windows\system32\dxtrans.dll
2018-08-15 07:08:37 ----A---- C:\Windows\system32\dxtmsft.dll
2018-08-15 07:08:37 ----A---- C:\Windows\system32\authui.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\occache.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\msihnd.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\jsproxy.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\inseng.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\ieUnatt.exe
2018-08-15 07:08:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-08-15 07:08:36 ----A---- C:\Windows\system32\ie4uinit.exe
2018-08-15 07:08:35 ----A---- C:\Windows\system32\tzres.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\lpk.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\iesetup.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\iernonce.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-08-15 07:08:35 ----A---- C:\Windows\system32\dciman32.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\atmlib.dll
2018-08-15 07:08:35 ----A---- C:\Windows\system32\appinfo.dll
2018-08-15 07:08:34 ----A---- C:\Windows\system32\msimsg.dll
2018-08-15 07:08:33 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2018-08-26 19:57:17 ----D---- C:\Windows\Prefetch
2018-08-26 19:57:10 ----D---- C:\Windows\Temp
2018-08-26 19:57:10 ----D---- C:\Program Files\trend micro
2018-08-26 19:37:29 ----D---- C:\Windows\system32\config
2018-08-26 19:03:34 ----SHD---- C:\System Volume Information
2018-08-22 13:42:48 ----D---- C:\ProgramData\CanonIJPLM
2018-08-16 13:06:55 ----D---- C:\Windows\System32
2018-08-16 13:06:55 ----D---- C:\Windows\inf
2018-08-16 13:06:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-16 12:31:05 ----D---- C:\Windows\rescache
2018-08-16 11:21:41 ----SHD---- C:\Windows\Installer
2018-08-16 11:21:40 ----D---- C:\Config.Msi
2018-08-16 10:55:02 ----D---- C:\Windows\winsxs
2018-08-16 10:48:02 ----D---- C:\Program Files\Internet Explorer
2018-08-16 10:48:00 ----D---- C:\Windows\system32\drivers
2018-08-16 10:48:00 ----D---- C:\Windows\system32\cs-CZ
2018-08-16 10:47:58 ----D---- C:\Windows\system32\en-US
2018-08-16 10:47:48 ----D---- C:\Windows\system32\migration
2018-08-16 10:47:45 ----D---- C:\Windows\system32\DriverStore
2018-08-15 23:17:46 ----D---- C:\Windows\Microsoft.NET
2018-08-15 23:06:42 ----RSD---- C:\Windows\assembly
2018-08-15 22:50:24 ----D---- C:\Windows\system32\MRT
2018-08-15 22:50:11 ----AC---- C:\Windows\system32\MRT.exe
2018-08-15 22:49:55 ----D---- C:\ProgramData\Microsoft Help
2018-08-15 22:49:54 ----A---- C:\Windows\win.ini
2018-08-15 22:30:05 ----D---- C:\Windows\system32\catroot2
2018-08-15 07:11:24 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-08-15 07:11:16 ----D---- C:\Windows\system32\Macromed
2018-08-15 06:18:24 ----D---- C:\ProgramData\Package Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2017-06-13 46440]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 173288]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2018-07-07 147880]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2017-03-02 35840]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2018-07-07 132448]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2017-03-02 59000]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-14 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 mvdM23;mvdM23; \??\C:\Program Files\Clarus\Drive Manager\mvdM23.sys [2015-12-02 90160]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-20 10064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2018-02-10 52928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 94208]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 cpuz134;cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-12-08 101040]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2018-02-10 51904]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-12-08 192944]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2018-02-10 52928]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\drivers\viac7.sys [2018-08-02 53248]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2018-08-08 231176]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2018-08-08 231176]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2018-08-03 431144]
R2 CIJSRegister;@C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe,-100; C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe [2016-06-02 153736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2017-07-11 391744]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SZDrvSvc_General;Drive Manager Service; C:\Program Files\Clarus\Drive Manager\SZDrvSvcM.exe [2016-05-12 24792]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-20 1479488]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [2018-08-08 890896]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2018-08-08 1148568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-15 335872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-07-19 104960]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2017-10-04 47200]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan now (Skenovat nyni) and wait for it to finish
  • Leave all findings checked
  • Click Clean and Repair (Cisteni a opravy) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click View Log File (Zobrazit soubor protokolu)
  • The log will open; copy its contents here
:arrow: I recommend uninstalling Spybot; this program is already outdated.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#3 Post by peknal »

Hello, thank you very much, I'm sending the log. I couldn't find Spybot among the installed programs. How do I go about it?
-------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-27-2018
# Duration: 00:00:30
# OS: Windows 7 Home Premium
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted izito.cz

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1344 octets] - [27/08/2018 07:20:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#4 Post by Conder »

:arrow: So apparently those were just some leftovers from Spybot.

:arrow: Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=154679

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#5 Post by peknal »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by milan (27-08-2018 16:49:07)
Running from C:\Users\milan\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2012-01-01 14:04:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2709638672-2288162957-48926482-500 - Administrator - Enabled)
Guest (S-1-5-21-2709638672-2288162957-48926482-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2709638672-2288162957-48926482-1004 - Limited - Enabled)
milan (S-1-5-21-2709638672-2288162957-48926482-1000 - Administrator - Enabled) => C:\Users\milan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{6553F4A8-B67F-49BA-A882-FF499C83CF4B}) (Version: 8.1.4 - Hewlett-Packard) Hidden
7-Zip 9.17 beta (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Avira (HKLM\...\{3EF074FE-D7BB-4237-A254-5E9D36C8DACA}) (Version: 1.2.118.18106 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{890aaa3c-e398-43d7-bbe0-f109738dd071}) (Version: 1.2.118.18106 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.39.5 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Balíček ovladače systému Windows - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\813EA266E806F300A8DAF30E5D823E268290B5D6) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\13729598EDD1F263DD26E8584C5F347C88091A2E) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\2A46B60EC8D844CB8197312FE2B88EF0F6B7E935) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Balíček ovladače systému Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\ECAD4CB7FB923B839B29420FF9DFC73C3D3D28FE) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Balíček ovladače systému Windows - Broadcom HIDClass (09/11/2009 6.3.0.1500) (HKLM\...\CA3B55EAB525669DA92EC19475AF574597822688) (Version: 09/11/2009 6.3.0.1500 - Broadcom)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS8000 series Elektronická příručka (HKLM\...\Canon TS8000 series Elektronická příručka) (Version: 1.1.0 - Canon Inc.)
Canon TS8000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8000_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Drive Manager (HKLM\...\{7AE0C124-77B6-4111-8BD1-26D218CE231B}) (Version: 1.0.179 - Clarus, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Commercial Scanjet 5590 TWAIN Driver (HKLM\...\HP Commercial Scanjet 5590 TWAIN Driver) (Version: - )
HPScanjet5590Corporate11 (HKLM\...\{4E985169-A6AF-4FAE-83F4-ACC9C21A3BFC}) (Version: 2.10.0000 - Název společnosti:)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
kruhova-vysec version 1.0.2.0 (HKLM\...\kruhova-vysec 1.0.2.0_is1) (Version: - Company: Pepinator)
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0405-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Registrace uživatele zařízení Canon TS8000 series (HKLM\...\Registrace uživatele zařízení Canon TS8000 series) (Version: - ‭Canon Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Software (HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\SeznamInstall) (Version: 2.1.30 - Seznam.cz)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
TuneUp Utilities 2012 (HKLM\...\{32364CEA-7855-4A3C-B674-53D8E9B97936}) (Version: 12.0.2030.10 - TuneUp Software) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.2030.10 - TuneUp Software)
TuneUp Utilities Language Pack (en-US) (HKLM\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.2030.10 - TuneUp Software) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2018-08-08] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll [2011-10-20] (TuneUp Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers4: [TuneUp Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll [2011-10-20] (TuneUp Software)
ContextMenuHandlers4: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll [2011-10-20] (TuneUp Software)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2018-08-08] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3BB27E-4FBD-4CB5-93FA-D245061295B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {10302E6B-9BCB-42F9-A498-A400D7D271FF} - System32\Tasks\Google Updater and Installer => C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2FD49FF4-7357-4674-81B3-FF4BE32EE33B} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-11-14] ()
Task: {46FE9CF7-2516-47E6-B369-0DC87A5FD46C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {50872817-E927-4B65-BAB3-FC2807102A7F} - System32\Tasks\Adobe online aktualizační program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {53FC82D3-3DB6-428C-BEC6-B1EF86A4F05A} - \AutoKMS -> No File <==== ATTENTION
Task: {6AEF310E-F4B2-4E6D-BF73-4CBC73F255EE} - \{6F435692-3137-40F5-A3B6-C2F369BC71B6} -> No File <==== ATTENTION
Task: {882AA2F3-6392-47DF-B3C3-19D8E5A03E4D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-15] (Adobe Systems Incorporated)
Task: {94314F6B-D619-41EC-B995-7B0E088E3AA2} - System32\Tasks\{A8BDAC5B-2BDC-4E6A-9C32-9F79437DED9A} => C:\Windows\system32\pcalua.exe -a C:\Users\milan\Desktop\kamera\cnr-wcam_345_drv_xpwv3264w73264_111103.exe -d C:\Users\milan\Desktop\kamera
Task: {9F53177C-23F8-457C-B69A-AD362E0A090F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-15] (Adobe Systems Incorporated)
Task: {AA50F9C0-D4E5-4E8B-B110-03A4E277086A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {B179B957-AA1A-47E8-9E0A-522E19D1A6C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {BB8DC964-30CD-42B7-AE5D-EBC197BB8B76} - \{4897B830-B093-42FF-86DA-19A193F425B6} -> No File <==== ATTENTION
Task: {EAFC8DAD-CF85-4D60-B443-5B54BF7936C9} - System32\Tasks\{AF383947-9332-4994-B769-CFA722C8E1E7} => C:\Program Files\Služební dokumenty\Dokumenty.exe
Task: {ED411AAC-1E7A-4F4D-8532-FDDFDFE23532} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-10-20] (TuneUp Software)
Task: {EF9B1BAE-795A-41C7-88EF-118BD4FD9931} - \{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10} -> No File <==== ATTENTION
Task: {F7343D6A-2D95-47C3-BE14-B5D7870BC9AB} - \{D159E7B9-CBE8-4198-9F76-E61B99C9CC13} -> No File <==== ATTENTION
Task: {F9E6FA26-C18A-42C6-B34F-8385E350D248} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2018-08-08] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,1024

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-13 08:28 - 2014-06-10 00:00 - 000914352 _____ () C:\Program Files\Android-Sync\bin\adb.exe
2018-08-08 20:59 - 2018-08-08 20:57 - 001204472 _____ () C:\Program Files\Avira\AntiVir Desktop\crypto-42.dll
2018-08-08 20:59 - 2018-08-08 20:57 - 000243352 _____ () C:\Program Files\Avira\AntiVir Desktop\ssl-44.dll
2018-01-16 21:45 - 2017-07-11 11:36 - 000391744 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2018-08-08 22:25 - 2018-08-08 02:55 - 002260824 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\swiftshader\libglesv2.dll
2018-08-08 22:25 - 2018-08-08 02:55 - 000124248 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.23.jpg:com.dropbox.attributes [1030]
AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.32.jpg:com.dropbox.attributes [1038]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2709638672-2288162957-48926482-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\milan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.88.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DLLSuite2016 => C:\Program Files\DLL Suite\DLLSuite.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8CE4723F-E3F0-41FD-836A-DD76FE3868D7}C:\windows\pixtran\pixnetsr.exe] => (Allow) C:\windows\pixtran\pixnetsr.exe
FirewallRules: [UDP Query User{17CFE34D-3224-46F1-BA45-322451B3B66D}C:\windows\pixtran\pixnetsr.exe] => (Allow) C:\windows\pixtran\pixnetsr.exe
FirewallRules: [{899D2477-74BB-4F9B-9B2A-DEDA3362E2C9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{85D68649-D553-425D-8AA2-E79C5EBB9EC1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{49B09CBE-FC61-44E4-AE3D-81C2C3197B36}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{422C0B01-85F1-4122-A2EB-BCD356C9D7DF}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{9CD3235C-B0E1-4AAF-B28D-4AB1C3E90141}G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{5A5E2B36-050A-479B-81D9-2253B508E3D4}G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{1378DBE3-DC66-43F9-A1F3-C2A924D3378C}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{C0603E57-1A1A-46EB-8437-4C76F4A97A58}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{3D195FE7-27B1-424D-A176-EC1B71C2CFB8}] => (Allow) C:\Users\milan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{257EA52B-A8B1-4B7F-8947-95E37B3F5482}] => (Allow) C:\Users\milan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{833D8DFF-E9B9-4529-AF08-70E6F35BF4EE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-08-2018 07:05:05 Windows Update
13-08-2018 07:07:50 Windows Zálohování
15-08-2018 22:27:35 Windows Update
19-08-2018 08:28:15 Windows Update
19-08-2018 19:00:45 Windows Zálohování
23-08-2018 07:03:25 Windows Update
26-08-2018 09:39:26 Windows Update
26-08-2018 19:02:32 Windows Zálohování

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2018 06:55:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CNQMUPDT.EXE, verze: 2.8.5.0, časové razítko: 0x595c7036
Název chybujícího modulu: CNMDWLD.DLL, verze: 1.0.0.0, časové razítko: 0x4f5eedc8
Kód výjimky: 0xc0000005
Posun chyby: 0x000023c6
ID chybujícího procesu: 0x68c
Čas spuštění chybující aplikace: 0x01d4383fec9e3250
Cesta k chybující aplikaci: C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
Cesta k chybujícímu modulu: C:\Program Files\Canon\Quick Menu\CNMDWLD.DLL
ID zprávy: 3b9a9ad0-a435-11e8-8a38-0015f24b70f0

Error: (08/13/2018 06:55:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CNQMUPDT.EXE, verze: 2.8.5.0, časové razítko: 0x595c7036
Název chybujícího modulu: CNMDWLD.DLL, verze: 1.0.0.0, časové razítko: 0x4f5eedc8
Kód výjimky: 0xc0000005
Posun chyby: 0x000023c6
ID chybujícího procesu: 0xb40
Čas spuštění chybující aplikace: 0x01d432c0b8d77b3b
Cesta k chybující aplikaci: C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
Cesta k chybujícímu modulu: C:\Program Files\Canon\Quick Menu\CNMDWLD.DLL
ID zprávy: 16ba87b4-9eb5-11e8-a0f9-0015f24b70f0

Error: (08/09/2018 11:52:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OUTLOOK.EXE, verze: 14.0.7113.5000, časové razítko: 0x527d636c
Název chybujícího modulu: wwlib.dll, verze: 14.0.7015.1000, časové razítko: 0x51cca86e
Kód výjimky: 0xc0000005
Posun chyby: 0x00077efd
ID chybujícího procesu: 0xc30
Čas spuštění chybující aplikace: 0x01d42fc51a103671
Cesta k chybující aplikaci: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Cesta k chybujícímu modulu: C:\Program Files\Microsoft Office\Office14\wwlib.dll
ID zprávy: f4551b5d-9bb9-11e8-8add-0015f24b70f0

Error: (08/07/2018 10:40:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OneClick.exe, verze: 12.0.2030.10, časové razítko: 0x4ea01c20
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24168, časové razítko: 0x5b1aa758
Kód výjimky: 0xc0000005
Posun chyby: 0x00052851
ID chybujícího procesu: 0x368
Čas spuštění chybující aplikace: 0x01d42e102a95b063
Cesta k chybující aplikaci: C:\Program Files\TuneUp Utilities 2012\OneClick.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 83a838f4-9a1d-11e8-a4d6-0015f24b70f0

Error: (08/02/2018 03:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OneClick.exe, verze: 12.0.2030.10, časové razítko: 0x4ea01c20
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24168, časové razítko: 0x5b1aa758
Kód výjimky: 0xc0000005
Posun chyby: 0x00052851
ID chybujícího procesu: 0x177c
Čas spuštění chybující aplikace: 0x01d42a4cec8bbc7c
Cesta k chybující aplikaci: C:\Program Files\TuneUp Utilities 2012\OneClick.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: ecab021e-9658-11e8-8720-0015f24b70f0

Error: (07/30/2018 06:55:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CNQMUPDT.EXE, verze: 2.8.5.0, časové razítko: 0x595c7036
Název chybujícího modulu: CNMDWLD.DLL, verze: 1.0.0.0, časové razítko: 0x4f5eedc8
Kód výjimky: 0xc0000005
Posun chyby: 0x000023c6
ID chybujícího procesu: 0x378
Čas spuštění chybující aplikace: 0x01d427c18232d94a
Cesta k chybující aplikaci: C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
Cesta k chybujícímu modulu: C:\Program Files\Canon\Quick Menu\CNMDWLD.DLL
ID zprávy: c9ef8201-93b4-11e8-95df-0015f24b70f0

Error: (07/22/2018 10:24:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CNQMUPDT.EXE, verze: 2.8.5.0, časové razítko: 0x595c7036
Název chybujícího modulu: CNMDWLD.DLL, verze: 1.0.0.0, časové razítko: 0x4f5eedc8
Kód výjimky: 0xc0000005
Posun chyby: 0x000023c6
ID chybujícího procesu: 0x904
Čas spuštění chybující aplikace: 0x01d4217ffe729d55
Cesta k chybující aplikaci: C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
Cesta k chybujícímu modulu: C:\Program Files\Canon\Quick Menu\CNMDWLD.DLL
ID zprávy: acd1a551-8d88-11e8-8126-0015f24b70f0

Error: (07/22/2018 09:54:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.1.7601.23537 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: de0

Čas spuštění: 01d4217f7fb4ad5c

Čas ukončení: 11380

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení: 5983f063-8d84-11e8-8126-0015f24b70f0


System errors:
=============
Error: (08/27/2018 04:49:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:45:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:39:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:34:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:30:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:24:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:19:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/27/2018 04:15:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.


Windows Defender:
===================================
Date: 2017-08-12 03:33:14.791
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{8ECD1FE0-A492-4454-9016-D4D0CE2A09F0}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-11-21 05:26:56.984
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{EB7DBE3C-616D-41D1-A463-E7EEBD2F9366}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2015-11-12 04:28:47.821
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BA1751A1-A01A-4A8F-AE8A-20AF0CA04CF1}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2018-07-04 07:28:38.497
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci.
Nová verze podpisu:1.271.442.0
Předchozí verze podpisu:1.269.1075.0
Zdroj aktualizace:Uživatel
Typ podpisu:Antispywarový program
Typ aktualizace:Delta
Uživatel:NT AUTHORITY\SYSTEM
Aktuální verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2018-07-04 07:28:38.497
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Zdroj aktualizace:Uživatel
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===================================

Date: 2018-07-10 06:12:31.609
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-30 11:07:28.265
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-21 06:13:00.437
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-15 06:15:40.859
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 1526.8 MB
Available physical RAM: 610.95 MB
Total Virtual: 3053.61 MB
Available Virtual: 1806.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:68.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:189.91 GB) (Free:89.99 GB) NTFS
Drive f: (VERBATIM HD) (Fixed) (Total:465.76 GB) (Free:11.47 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 000DD66B)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 189.9 GB) (Disk ID: CBF61413)
Partition 1: (Not Active) - (Size=189.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 38EE6082)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by milan (administrator) on MILAN-PC (27-08-2018 16:44:25)
Running from C:\Users\milan\Desktop
Loaded Profiles: milan (Available Profiles: milan)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(hxxp://www.android-sync.com) C:\Program Files\Android-Sync\AndroidSync.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Clarus, Inc.) C:\Program Files\Clarus\Drive Manager\Drive Manager.exe
(Clarus, Inc.) C:\Program Files\Clarus\Drive Manager\ABRTMonM.exe
() C:\Program Files\Android-Sync\bin\adb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(CANON INC.) C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Clarus, Inc.) C:\Program Files\Clarus\Drive Manager\SZDrvSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AndroidSync] => C:\Program Files\Android-Sync\AndroidSync.exe [6252976 2014-06-10] (hxxp://www.android-sync.com)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (CANON INC.)
HKLM\...\Run: [Drive Manager] => C:\Program Files\Clarus\Drive Manager\Drive Manager.exe [8284376 2016-05-12] (Clarus, Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Drive Manager Real-Time.lnk [2018-02-20]
ShortcutTarget: Drive Manager Real-Time.lnk -> C:\Program Files\Clarus\Drive Manager\ABRTMonM.exe (Clarus, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{60FE4FEA-55D3-41E7-9E05-1DFF5EC5BDA7}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2709638672-2288162957-48926482-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FireFox:
========
FF ProfilePath: C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default [2016-01-13]
FF Homepage: TomTom\HOME\Profiles\dnqr7n0g.default -> about:home
FF NewTab: TomTom\HOME\Profiles\dnqr7n0g.default -> about:newtab
FF Extension: (Emulator) - C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\Extensions\Navcore.9.400.851694@tomtom.com [2012-02-14] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2016-01-13]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:newtab
FF Extension: (Seznam lištička) - C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2018-01-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-15] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Profile: C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default [2018-08-27]
CHR Extension: (Dokumenty) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (DuckDuckGo) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-08-25]
CHR Extension: (YouTube) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-02]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [890896 2018-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [231176 2018-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [231176 2018-08-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1148568 2018-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [431144 2018-08-03] (Avira Operations GmbH & Co. KG)
R2 CIJSRegister; C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe [153736 2016-06-02] (CANON INC.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2014-04-30] (Teruten) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SZDrvSvc_General; C:\Program Files\Clarus\Drive Manager\SZDrvSvcM.exe [24792 2016-05-12] (Clarus, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1479488 2011-10-20] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [132448 2018-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [147880 2018-07-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
R3 mvdM23; C:\Program Files\Clarus\Drive Manager\mvdM23.sys [90160 2015-12-02] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 snpmi03; C:\Windows\System32\DRIVERS\snpmi03.sys [186112 2004-01-12] ()
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-10-20] (TuneUp Software)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-27 16:44 - 2018-08-27 16:47 - 000014088 _____ C:\Users\milan\Desktop\FRST.txt
2018-08-27 16:43 - 2018-08-27 16:44 - 000000000 ____D C:\FRST
2018-08-27 16:36 - 2018-08-27 16:35 - 001773568 _____ (Farbar) C:\Users\milan\Desktop\FRST.exe
2018-08-27 16:34 - 2018-08-27 16:35 - 001773568 _____ (Farbar) C:\Users\milan\Downloads\FRST.exe
2018-08-27 06:53 - 2018-08-27 06:57 - 007417040 _____ (Malwarebytes) C:\Users\milan\Desktop\adwcleaner_7.2.2.exe
2018-08-26 20:14 - 2018-08-26 20:14 - 001107968 _____ C:\Users\milan\Downloads\RSIT (2).exe
2018-08-26 19:57 - 2018-08-26 20:00 - 000000000 ____D C:\rsit
2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT.exe
2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT (1).exe
2018-08-26 19:55 - 2018-08-26 19:56 - 001222144 _____ C:\Users\milan\Downloads\RSITx64.exe
2018-08-26 10:23 - 2018-08-26 10:23 - 000000000 ____D C:\Users\milan\AppData\Local\Clarus
2018-08-15 07:09 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-08-15 07:09 - 2018-06-29 17:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 07:09 - 2018-06-29 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 07:08 - 2018-08-03 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 07:08 - 2018-08-02 04:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-08-15 07:08 - 2018-08-02 04:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-08-15 07:08 - 2018-08-02 04:45 - 000189616 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-08-15 07:08 - 2018-08-02 04:45 - 000189616 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-08-15 07:08 - 2018-08-02 04:45 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-08-15 07:08 - 2018-08-02 04:44 - 000137904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-08-15 07:08 - 2018-08-02 04:44 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-08-15 07:08 - 2018-08-02 04:43 - 001310464 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-08-15 07:08 - 2018-08-02 04:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-08-15 07:08 - 2018-08-02 04:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-08-15 07:08 - 2018-08-02 04:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-08-15 07:08 - 2018-08-02 04:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-08-15 07:08 - 2018-08-02 04:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-08-15 07:08 - 2018-08-02 04:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-08-15 07:08 - 2018-08-02 04:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-08-15 07:08 - 2018-08-02 04:14 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-08-15 07:08 - 2018-08-02 04:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-08-15 07:08 - 2018-08-02 04:11 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-08-15 07:08 - 2018-08-02 04:11 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-08-15 07:08 - 2018-08-02 04:11 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-08-15 07:08 - 2018-08-02 04:10 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-08-15 07:08 - 2018-08-02 04:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-08-15 07:08 - 2018-08-02 04:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-08-15 07:08 - 2018-08-02 04:10 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-08-15 07:08 - 2018-07-20 00:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-08-15 07:08 - 2018-07-19 06:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-08-15 07:08 - 2018-07-19 06:16 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-08-15 07:08 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-08-15 07:08 - 2018-07-19 06:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-08-15 07:08 - 2018-07-19 06:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-08-15 07:08 - 2018-07-19 06:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-08-15 07:08 - 2018-07-19 06:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-08-15 07:08 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-08-15 07:08 - 2018-07-19 05:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-08-15 07:08 - 2018-07-19 05:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-08-15 07:08 - 2018-07-19 05:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-08-15 07:08 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-08-15 07:08 - 2018-07-19 05:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-08-15 07:08 - 2018-07-19 05:55 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-08-15 07:08 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-08-15 07:08 - 2018-07-19 05:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-15 07:08 - 2018-07-19 05:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-08-15 07:08 - 2018-07-19 05:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-15 07:08 - 2018-07-19 05:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-08-15 07:08 - 2018-07-19 05:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-08-15 07:08 - 2018-07-19 05:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-08-15 07:08 - 2018-07-19 05:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-08-15 07:08 - 2018-07-19 05:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-08-15 07:08 - 2018-07-19 05:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-08-15 07:08 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-08-15 07:08 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-08-15 07:08 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-08-15 07:08 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-08-15 07:08 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-08-15 07:08 - 2018-07-19 05:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-08-15 07:08 - 2018-07-19 05:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-08-15 07:08 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-08-15 07:08 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-08-15 07:08 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-08-15 07:08 - 2018-07-13 21:07 - 001309888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-08-15 07:08 - 2018-07-13 21:06 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-08-15 07:08 - 2018-07-13 21:06 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-08-15 07:08 - 2018-07-08 17:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-08-15 07:08 - 2018-07-08 17:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-08-15 07:08 - 2018-07-08 17:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-08-15 07:08 - 2018-07-08 17:41 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-08-15 07:08 - 2018-07-08 17:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-08-15 07:08 - 2018-07-08 17:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-08-15 07:08 - 2018-07-07 17:19 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 07:08 - 2018-07-06 17:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 07:08 - 2018-07-06 17:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-08-15 07:08 - 2018-07-06 17:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-08-15 07:08 - 2018-06-27 17:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 07:08 - 2018-06-27 17:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 07:08 - 2018-06-27 17:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 07:08 - 2018-06-27 17:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 07:08 - 2018-06-27 17:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 07:08 - 2018-06-27 17:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 07:08 - 2018-06-27 17:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 07:08 - 2018-06-27 17:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 07:08 - 2018-06-21 05:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-08-14 06:55 - 2018-08-14 06:55 - 000001074 _____ C:\Users\Public\Desktop\Avira.lnk
2018-08-06 10:30 - 2018-08-06 10:30 - 000069170 _____ C:\Users\milan\Desktop\Kreivi.pdf
2018-08-06 10:21 - 2018-08-06 10:21 - 000067180 _____ C:\Users\milan\Desktop\Mildenberger.pdf
2018-08-01 09:47 - 2018-08-01 09:47 - 000073728 _____ C:\Users\milan\Desktop\Tibor_NSU Angebot.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-27 13:11 - 2012-01-01 16:13 - 001593150 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-27 13:11 - 2009-07-14 10:44 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-08-27 13:11 - 2009-07-14 10:44 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-08-27 13:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-08-27 08:02 - 2018-01-16 21:12 - 000000000 ____D C:\Users\milan\AppData\Local\CrashDumps
2018-08-27 07:35 - 2009-07-14 06:34 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-27 07:35 - 2009-07-14 06:34 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-27 07:24 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-27 07:20 - 2018-03-06 22:38 - 000000000 ____D C:\AdwCleaner
2018-08-26 19:57 - 2013-07-04 21:57 - 000000000 ____D C:\Program Files\trend micro
2018-08-22 13:46 - 2012-09-03 16:15 - 001687040 ___SH C:\Users\milan\Documents\Thumbs.db
2018-08-22 13:42 - 2018-01-16 21:45 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-08-16 23:10 - 2014-09-03 07:02 - 000066116 _____ C:\Users\milan\Documents\Antonín Dědek 3.9.2014.xlsx
2018-08-16 12:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-08-16 11:18 - 2017-01-15 19:22 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 10:52 - 2009-07-14 06:53 - 000032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-16 10:52 - 2009-07-14 06:33 - 000408088 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-15 22:50 - 2013-08-14 22:31 - 000000000 ____D C:\Windows\system32\MRT
2018-08-15 22:50 - 2012-02-10 21:35 - 134276632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-15 22:49 - 2009-07-14 04:04 - 000000487 _____ C:\Windows\win.ini
2018-08-15 07:11 - 2013-02-27 08:14 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-08-15 07:11 - 2013-02-27 08:14 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-08-15 07:11 - 2013-02-27 08:14 - 000000000 ____D C:\Windows\system32\Macromed
2018-08-15 06:18 - 2016-01-14 11:37 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-14 06:55 - 2015-01-28 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-08-08 22:25 - 2015-02-27 17:32 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-07 21:47 - 2014-07-15 10:02 - 000000000 ____D C:\Users\milan\Documents\spolek SNONV
2018-07-30 22:16 - 2018-02-20 10:10 - 000000000 ____D C:\Users\milan\Desktop\Nová složka

==================== Files in the root of some directories =======

2012-01-03 12:54 - 2011-09-27 10:06 - 024880733 _____ () C:\Program Files\portable-BurningStudio7.21.exe
2012-02-22 22:40 - 2012-02-22 22:40 - 000136007 _____ () C:\Users\milan\AppData\Roaming\HEBEL 003.jpg
2016-12-29 22:37 - 2016-12-29 23:27 - 000037167 _____ () C:\Users\milan\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2016-12-29 22:16 - 2016-12-29 23:29 - 000037187 _____ () C:\Users\milan\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2014-01-08 22:42 - 2014-01-17 07:20 - 000000027 _____ () C:\Users\milan\AppData\Roaming\msaaqeui.dat
2014-01-08 22:43 - 2014-01-10 08:12 - 000001705 _____ () C:\Users\milan\AppData\Roaming\msvlmc.dat
2012-06-26 19:08 - 2014-02-10 12:25 - 000004096 ____H () C:\Users\milan\AppData\Local\keyfile3.drm
2014-12-04 11:17 - 2014-12-04 11:17 - 000000017 _____ () C:\Users\milan\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-26 10:13

==================== End of FRST.txt ============================

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#6 Post by Conder »

:arrow: If you don't use it, I recommend uninstalling Seznam Software (Seznam Listicka).

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files\Android-Sync\AndroidSync.exe
    File: C:\Windows\system32\FsUsbExService.Exe
    File: C:\Windows\system32\HPZinw12.dll
    File: C:\Windows\system32\HPZipm12.dll
    File: C:\Windows\system32\FsUsbExDisk.SYS
    File: C:\Windows\system32\ckldrv.sys
    File: C:\Windows\system32\Drivers\StarOpen.sys
    
    HKLM\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\Policies\Explorer: [RestrictRun] 0
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    FF Homepage: TomTom\HOME\Profiles\dnqr7n0g.default -> about:home
    FF NewTab: TomTom\HOME\Profiles\dnqr7n0g.default -> about:newtab
    FF Extension: (Emulator) - C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\Extensions\Navcore.9.400.851694@tomtom.com [2012-02-14] [Legacy] [not signed]
    FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:home
    FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:newtab
    FF Extension: (Seznam lištička) - C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2018-01-15] [Legacy]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    2018-08-26 20:14 - 2018-08-26 20:14 - 001107968 _____ C:\Users\milan\Downloads\RSIT (2).exe
    2018-08-26 19:57 - 2018-08-26 20:00 - 000000000 ____D C:\rsit
    2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT.exe
    2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT (1).exe
    2018-08-26 19:55 - 2018-08-26 19:56 - 001222144 _____ C:\Users\milan\Downloads\RSITx64.exe
    2018-08-26 19:57 - 2013-07-04 21:57 - 000000000 ____D C:\Program Files\trend micro
    2012-01-03 12:54 - 2011-09-27 10:06 - 024880733 _____ () C:\Program Files\portable-BurningStudio7.21.exe
    
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    Task: {53FC82D3-3DB6-428C-BEC6-B1EF86A4F05A} - \AutoKMS -> No File <==== ATTENTION
    Task: {6AEF310E-F4B2-4E6D-BF73-4CBC73F255EE} - \{6F435692-3137-40F5-A3B6-C2F369BC71B6} -> No File <==== ATTENTION
    Task: {BB8DC964-30CD-42B7-AE5D-EBC197BB8B76} - \{4897B830-B093-42FF-86DA-19A193F425B6} -> No File <==== ATTENTION
    Task: {EF9B1BAE-795A-41C7-88EF-118BD4FD9931} - \{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10} -> No File <==== ATTENTION
    Task: {F7343D6A-2D95-47C3-BE14-B5D7870BC9AB} - \{D159E7B9-CBE8-4198-9F76-E61B99C9CC13} -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.23.jpg:com.dropbox.attributes [1030]
    AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.32.jpg:com.dropbox.attributes [1038]
    FirewallRules: [TCP Query User{9CD3235C-B0E1-4AAF-B28D-4AB1C3E90141}G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe
    FirewallRules: [UDP Query User{5A5E2B36-050A-479B-81D9-2253B508E3D4}G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\záloha\disk d\program files\spyware terminator\spywareterminatorupdate.exe
    
    C:\Program Files\Common Files\AV\Spybot - Search and Destroy
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#7 Post by peknal »

Thanks, here is fixlog.txt
Fix result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by milan (27-08-2018 21:55:47) Run:1
Running from C:\Users\milan\Desktop
Loaded Profiles: milan (Available Profiles: milan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\Android-Sync\AndroidSync.exe
File: C:\Windows\system32\FsUsbExService.Exe
File: C:\Windows\system32\HPZinw12.dll
File: C:\Windows\system32\HPZipm12.dll
File: C:\Windows\system32\FsUsbExDisk.SYS
File: C:\Windows\system32\ckldrv.sys
File: C:\Windows\system32\Drivers\StarOpen.sys

HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2709638672-2288162957-48926482-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Homepage: TomTom\HOME\Profiles\dnqr7n0g.default -> about:home
FF NewTab: TomTom\HOME\Profiles\dnqr7n0g.default -> about:newtab
FF Extension: (Emulator) - C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\Extensions\Navcore.9.400.851694@tomtom.com [2012-02-14] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> about:newtab
FF Extension: (Seznam li�ti�ka) - C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2018-01-15] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 cpuz134; \??\C:\Users\milan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
2018-08-26 20:14 - 2018-08-26 20:14 - 001107968 _____ C:\Users\milan\Downloads\RSIT (2).exe
2018-08-26 19:57 - 2018-08-26 20:00 - 000000000 ____D C:\rsit
2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT.exe
2018-08-26 19:56 - 2018-08-26 19:56 - 001107968 _____ C:\Users\milan\Downloads\RSIT (1).exe
2018-08-26 19:55 - 2018-08-26 19:56 - 001222144 _____ C:\Users\milan\Downloads\RSITx64.exe
2018-08-26 19:57 - 2013-07-04 21:57 - 000000000 ____D C:\Program Files\trend micro
2012-01-03 12:54 - 2011-09-27 10:06 - 024880733 _____ () C:\Program Files\portable-BurningStudio7.21.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {53FC82D3-3DB6-428C-BEC6-B1EF86A4F05A} - \AutoKMS -> No File <==== ATTENTION
Task: {6AEF310E-F4B2-4E6D-BF73-4CBC73F255EE} - \{6F435692-3137-40F5-A3B6-C2F369BC71B6} -> No File <==== ATTENTION
Task: {BB8DC964-30CD-42B7-AE5D-EBC197BB8B76} - \{4897B830-B093-42FF-86DA-19A193F425B6} -> No File <==== ATTENTION
Task: {EF9B1BAE-795A-41C7-88EF-118BD4FD9931} - \{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10} -> No File <==== ATTENTION
Task: {F7343D6A-2D95-47C3-BE14-B5D7870BC9AB} - \{D159E7B9-CBE8-4198-9F76-E61B99C9CC13} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.23.jpg:com.dropbox.attributes [1030]
AlternateDataStreams: C:\Users\milan\Documents\2014-10-01 18.43.32.jpg:com.dropbox.attributes [1038]
FirewallRules: [TCP Query User{9CD3235C-B0E1-4AAF-B28D-4AB1C3E90141}G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{5A5E2B36-050A-479B-81D9-2253B508E3D4}G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe

C:\Program Files\Common Files\AV\Spybot - Search and Destroy

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 119
Average :
Sum : 150513751
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Program Files\Android-Sync\AndroidSync.exe ========================

C:\Program Files\Android-Sync\AndroidSync.exe
File is digitally signed
MD5: 98315F6666FF11533754687F11458B8E
Creation and modification date: 2014-06-13 08:27 - 2014-06-10 00:00
Size: 006252976
Attributes: ----A
Company Name: http://www.android-sync.com
Internal Name:
Original Name:
Product: Android-Sync
Description:
File Version: 1.1.3.0
Product Version: 1.1.3.0
Copyright:
VirusTotal: https://www.virustotal.com/file/80bad8a ... 478076274/

====== End of File: ======


========================= File: C:\Windows\system32\FsUsbExService.Exe ========================

C:\Windows\system32\FsUsbExService.Exe
File not signed
MD5: 0796C1E47ADB9825269E64B9DAB4E741
Creation and modification date: 2014-06-17 15:45 - 2014-04-30 12:43
Size: 000233472
Attributes: ----A
Company Name: Teruten
Internal Name: FsUsbDevice
Original Name: FsUsbDevice.EXE
Product: CwService
Description: FsUsbDevice
File Version: 1, 0, 1, 0
Product Version: 1, 0, 1, 0
Copyright: Copyright (C) 2005
VirusTotal: https://www.virustotal.com/file/a9e4762 ... 535364473/

====== End of File: ======


========================= File: C:\Windows\system32\HPZinw12.dll ========================

C:\Windows\system32\HPZinw12.dll
File not signed
MD5: F7C14F5077BF2BC476C348B88A7F74E2
Creation and modification date: 2011-04-13 17:07 - 2011-04-13 17:07
Size: 000045568
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 12,1,7,51
Product Version: 12,1,7,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/2b9b731 ... 519696403/

====== End of File: ======


========================= File: C:\Windows\system32\HPZipm12.dll ========================

C:\Windows\system32\HPZipm12.dll
File not signed
MD5: E638656001C52A1FAA34F92E6D3A086B
Creation and modification date: 2011-04-13 17:07 - 2011-04-13 17:07
Size: 000055808
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 12,1,7,51
Product Version: 12,1,7,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/1dfb399 ... 518468029/

====== End of File: ======


========================= File: C:\Windows\system32\FsUsbExDisk.SYS ========================

C:\Windows\system32\FsUsbExDisk.SYS
File not signed
MD5: DDEE99DC54EFA20BD5A442CD733C4462
Creation and modification date: 2014-06-17 15:45 - 2014-04-30 12:43
Size: 000037344
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\ckldrv.sys ========================

C:\Windows\system32\ckldrv.sys
File not signed
MD5: 5EF7DD401771693245D46F4B0B69FE2B
Creation and modification date: 2014-10-21 20:01 - 2008-03-17 18:45
Size: 000019584
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\Drivers\StarOpen.sys ========================

C:\Windows\system32\Drivers\StarOpen.sys
File not signed
MD5: 306521935042FC0A6988D528643619B3
Creation and modification date: 2013-09-27 08:53 - 2006-07-24 16:05
Size: 000005632
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun" => removed successfully.
"HKU\S-1-5-21-2709638672-2288162957-48926482-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6}" => removed successfully.
HKLM\Software\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\skype-ie-addon-data" => removed successfully.
HKLM\Software\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => not found
"Firefox homepage" => removed successfully.
"Firefox newtab" => removed successfully.
C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\Extensions\Navcore.9.400.851694@tomtom.com => moved successfully
C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully.
"Firefox homepage" => removed successfully.
"Firefox newtab" => removed successfully.
C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully.
AppMgmt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz134" => removed successfully.
cpuz134 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\dgderdrv" => removed successfully.
dgderdrv => service removed successfully.
C:\Users\milan\Downloads\RSIT (2).exe => moved successfully
C:\rsit => moved successfully
C:\Users\milan\Downloads\RSIT.exe => moved successfully
C:\Users\milan\Downloads\RSIT (1).exe => moved successfully
C:\Users\milan\Downloads\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Program Files\portable-BurningStudio7.21.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{53FC82D3-3DB6-428C-BEC6-B1EF86A4F05A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53FC82D3-3DB6-428C-BEC6-B1EF86A4F05A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AEF310E-F4B2-4E6D-BF73-4CBC73F255EE}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AEF310E-F4B2-4E6D-BF73-4CBC73F255EE}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F435692-3137-40F5-A3B6-C2F369BC71B6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB8DC964-30CD-42B7-AE5D-EBC197BB8B76}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB8DC964-30CD-42B7-AE5D-EBC197BB8B76}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4897B830-B093-42FF-86DA-19A193F425B6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF9B1BAE-795A-41C7-88EF-118BD4FD9931}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF9B1BAE-795A-41C7-88EF-118BD4FD9931}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FAFE20C6-672E-49FE-8A0C-A9DEEFC5FE10}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7343D6A-2D95-47C3-BE14-B5D7870BC9AB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7343D6A-2D95-47C3-BE14-B5D7870BC9AB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D159E7B9-CBE8-4198-9F76-E61B99C9CC13}" => removed successfully.
C:\Users\milan\Documents\2014-10-01 18.43.23.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\milan\Documents\2014-10-01 18.43.32.jpg => ":com.dropbox.attributes" ADS removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9CD3235C-B0E1-4AAF-B28D-4AB1C3E90141}G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5A5E2B36-050A-479B-81D9-2253B508E3D4}G:\z�loha\disk d\program files\spyware terminator\spywareterminatorupdate.exe" => not found
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9443720 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 58793037 B
Edge => 0 B
Chrome => 119701135 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
LocalService => 33125 B
NetworkService => 33125 B
milan => 1377175 B

RecycleBin => 36384 B
EmptyTemp: => 188.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:59:30 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#8 Post by Conder »

:arrow: Download Zoek: http://download.bleepingcomputer.com/smeenk/zoek.exe
  • Save it to the desktop and run it as administrator
  • Copy the following script into the window:

    Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Click Run script
  • Wait for it to finish and for the PC to restart
  • After the restart a log will pop up (or it will be in C:\zoek-results.log); copy its contents here
:arrow: If Zoek gets stuck and runs for longer than about 30 minutes, restart the PC manually and let me know.

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#9 Post by peknal »

The Zoek log is here

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by milan on Łt 28.08.2018 at 7:44:10,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\milan\Desktop\zoek (2).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28.8.2018 7:50:48 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Convert PDF to Word Desktop Software deleted successfully
C:\Program Files\Seznam.cz deleted successfully
C:\Program Files\Common Files\AV deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:

Added to C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\prefs.js:

Added to C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Convert PDF to Word Desktop Software not found
C:\Program Files\Seznam.cz not found
C:\Users\milan\.android deleted
C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\wininit.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 68.0.3440.106

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Chrome Media Router - milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
HKLM\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchT ... utEncoding?}
HKCU\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchT ... utEncoding?}

==== Reset Google Chrome ======================

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLLSuite2016 deleted successfully

==== Empty IE Cache ======================

C:\Users\milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=15 41139350 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\milan\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 28.08.2018 at 11:39:56,37 ======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#10 Post by Conder »

:arrow: It looks OK. Has anything changed, or are there still any problems?

:arrow: As for FB, I recommend changing the password in the settings and logging out all connected devices.

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#11 Post by peknal »

Thanks. I get a message like this by e-mail. So far it looks like they now come only from North Korea. Before, more of them were coming.

Milan, 박종훈 confirmed that you are friends on Facebook. You may know some of 종훈's friends: 신상현 10 mutual friends Add friend 천권준 6 mutual friends Add friend Dancer Dean 4 mutual friends Add friend Sung Mi Moon 4 mutual friends Add friend Yang Moonchang 3 mutual friends Add friend 박진권 2 mutual friends Add friend
facebook

This is a message from today at 18:52. I never confirmed anything. I changed the password twice last week. Is it worth changing the password again after this cleanup?

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#12 Post by Conder »

:arrow: Exactly which e-mail address did that mail come from? Do those accounts actually show up among the friends on your FB account?

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#13 Post by peknal »

1. On Facebook only friend requests show up, which I delete every day. Today about 30. I cannot find a single one confirmed on Facebook, only in the notifications in Outlook, which I keep deleting with the antispam as unsolicited. Before your intervention more of them were coming (I don't know the ADDRESS), mostly North Korea.

2. The latest one today was sent from this address: 박종훈 on Facebook <notification+iic6ogz1@facebookmail.com>
The text of the notification looks like this:

Since your last visit, some users (3) have accepted your friend request.

박종훈

37 friends

김일식

422 friends

이조원
If I switch to Facebook mode, it loads the Facebook login window with my login (the full address is https://www.facebook.com/n/?find-friend ... 0U5Mc&n_m= + my e-mail address)

Because of the characters it is hard to tell whether the notifications are the same.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Facebook virus

#14 Post by Conder »

:arrow: I see, in that case those e-mails really are from Facebook. Instead of marking them as spam, I would rather recommend unsubscribing from e-mails about new requests, and on Facebook it should be possible in the privacy settings to restrict who can send friend requests.

:arrow: Apart from those requests, is nothing else happening?

:arrow: Otherwise the PC looks clean; if there are no other problems, we will just clean up after the tools used:

peknal
Visitor
Posts: 82
Registered: 22 Jun 2010 20:54

Re: Facebook virus

#15 Post by peknal »

I will do that. Everything else is fine now, thank you very much.

Locked