VIRY.CZ

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-10-2019
# Duration: 00:00:05
# OS: Windows 10 Pro
# Cleaned: 8
# Failed: 15


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
Deleted C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN

***** [ Registry ] *****

Deleted HKCU\Software\VIS
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C281B6B6-85D3-4570-AFCE-F17A3A71EA6B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN

***** [ Chromium (and derivatives) ] *****

Deleted Nepi Jano!

***** [ Chromium URLs ] *****

Not Deleted qvo6
Not Deleted qvo6
Not Deleted qvo6
Not Deleted qvo6
Not Deleted qvo6
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Not Deleted delta-homes
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2378 octets] - [10/02/2019 12:16:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

No engines detected this file
0/65
SHA-256 96b77284744f8761c4f2558388e0aee2140618b484ff53fa8b222b340d2a9c84
File name epmntdrv.sys
File size 17.07 KB
Last analysis 2018-05-15 14:19:30 UTC
Community score +1

No engines detected this file
0/67
SHA-256 8c614cf476f871274aa06153224e8f7354bf5e23e6853358591bf35a381fb75b
File name epmntdrv.sys
File size 14.57 KB
Last analysis 2018-09-07 06:16:37 UTC
Community score +7

No engines detected this file
0/70
SHA-256 6cc2a311d8e67032d0847d70b20dca87b52b2b7fb3c380b3a5ab6c233e955dd2
File name eugdidrv.sys
File size 9.57 KB
Last analysis 2019-01-05 13:37:55 UTC

No engines detected this file
0/66
SHA-256 8d604553a3f5db03bffd50473ecb6f05ebcfcc6b5e1f149322830dbd6c806866
File name EuGdiDrv_vista.sys
File size 8.95 KB
Last analysis 2018-04-07 20:28:42 UTC
Community score -3

No engines detected this file
0/68
SHA-256 04eb75a07b2949ab994f355bbee33de2069f94504d738dc7e66abb1c9f1c31c8
File name kbfiltr.sys
File size 15.55 KB
Last analysis 2018-12-17 14:24:46 UTC
Community score -49

No engines detected this file
0/70
SHA-256 f4ee803eefdb4eaeedb3024c3516f1f9a202c77f4870d6b74356bbde32b3b560
File name speedfan.sys
File size 27.99 KB
Last analysis 2019-01-31 21:44:22 UTC
Community score +55

Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Lukáš (10-02-2019 17:42:24) Run:1
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš & khuti & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Program Files\Bonjour

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
Task: {09FD8CAF-D272-486C-A08C-EBA583C4D395} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0E49D02A-685A-4697-9384-54A70DB1E837} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2E2C3D46-98F8-4F95-9B97-B857861C4C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {34C22E45-428C-4F7A-826F-DA2DE8F0D6F1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3C0D29C1-B3B4-43F4-9818-E41419F992F1} - \WPD\SqmUpload_S-1-5-21-2880763456-3809056876-389139218-1001 -> No File <==== ATTENTION
Task: {4AD75B00-C92A-4346-879C-C7266CD14CF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4DE9D934-48E0-4F09-BE4E-0F630B1126C4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52E9BEC3-F843-4FDE-A677-10BE6394E722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc -> Google Inc.)
Task: {79F05280-76D7-46A4-B565-5DD2268662C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7CBB4918-EFC9-4FB1-8C67-8773C8BD730D} - System32\Tasks\{480AAFFF-1DF1-44E9-9DF1-A80470953780} => C:\WINDOWS\system32\pcalua.exe -a E:\install.exe -d E:\
Task: {839CB979-3E9B-4A45-901C-2375F6CBF5FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc -> Google Inc.)
Task: {871A8033-F17C-41D3-9FD6-35B4A494E8B7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A3C5EF26-50F2-4A59-B9C0-AACB974D0F62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B856D3F5-A527-4913-A7D8-D42585C68B7E} - System32\Tasks\{EC931DD7-3C17-4DBC-9E99-10DA60B7D3BB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Mafia\Game.exe" -d "c:\program files\Mafia\"
Task: {BB80FBE1-9A3E-4CB1-8DF3-BA73A672EE5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CABB5CA3-6F54-4BA9-99D3-EC2BD8B3E927} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CF42D874-F4EC-4DE6-BBE2-C354CAA1ABCA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EDCE5CA9-742E-48EA-9FB2-BD092F012F57} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0E08FC17 [105]
FirewallRules: [{599A2838-080C-4561-B099-13FA90DD1EDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89E770FA-8388-4006-B361-A85FDC26D3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D870BE5-DC7C-47E9-B101-D608E108D870}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05722260-F990-465E-B966-C7DCD9BA93D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files\Bonjour => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09FD8CAF-D272-486C-A08C-EBA583C4D395}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09FD8CAF-D272-486C-A08C-EBA583C4D395}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E49D02A-685A-4697-9384-54A70DB1E837}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E49D02A-685A-4697-9384-54A70DB1E837}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E2C3D46-98F8-4F95-9B97-B857861C4C26}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2C3D46-98F8-4F95-9B97-B857861C4C26}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C22E45-428C-4F7A-826F-DA2DE8F0D6F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C22E45-428C-4F7A-826F-DA2DE8F0D6F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C0D29C1-B3B4-43F4-9818-E41419F992F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0D29C1-B3B4-43F4-9818-E41419F992F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2880763456-3809056876-389139218-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AD75B00-C92A-4346-879C-C7266CD14CF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AD75B00-C92A-4346-879C-C7266CD14CF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DE9D934-48E0-4F09-BE4E-0F630B1126C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE9D934-48E0-4F09-BE4E-0F630B1126C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52E9BEC3-F843-4FDE-A677-10BE6394E722}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52E9BEC3-F843-4FDE-A677-10BE6394E722}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79F05280-76D7-46A4-B565-5DD2268662C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F05280-76D7-46A4-B565-5DD2268662C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CBB4918-EFC9-4FB1-8C67-8773C8BD730D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CBB4918-EFC9-4FB1-8C67-8773C8BD730D}" => removed successfully
C:\WINDOWS\System32\Tasks\{480AAFFF-1DF1-44E9-9DF1-A80470953780} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{480AAFFF-1DF1-44E9-9DF1-A80470953780}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{839CB979-3E9B-4A45-901C-2375F6CBF5FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{839CB979-3E9B-4A45-901C-2375F6CBF5FC}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871A8033-F17C-41D3-9FD6-35B4A494E8B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871A8033-F17C-41D3-9FD6-35B4A494E8B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3C5EF26-50F2-4A59-B9C0-AACB974D0F62}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3C5EF26-50F2-4A59-B9C0-AACB974D0F62}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B856D3F5-A527-4913-A7D8-D42585C68B7E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B856D3F5-A527-4913-A7D8-D42585C68B7E}" => removed successfully
C:\WINDOWS\System32\Tasks\{EC931DD7-3C17-4DBC-9E99-10DA60B7D3BB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC931DD7-3C17-4DBC-9E99-10DA60B7D3BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB80FBE1-9A3E-4CB1-8DF3-BA73A672EE5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB80FBE1-9A3E-4CB1-8DF3-BA73A672EE5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CABB5CA3-6F54-4BA9-99D3-EC2BD8B3E927}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CABB5CA3-6F54-4BA9-99D3-EC2BD8B3E927}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF42D874-F4EC-4DE6-BBE2-C354CAA1ABCA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF42D874-F4EC-4DE6-BBE2-C354CAA1ABCA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDCE5CA9-742E-48EA-9FB2-BD092F012F57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCE5CA9-742E-48EA-9FB2-BD092F012F57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
C:\ProgramData\TEMP => ":0E08FC17" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{599A2838-080C-4561-B099-13FA90DD1EDB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89E770FA-8388-4006-B361-A85FDC26D3BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D870BE5-DC7C-47E9-B101-D608E108D870}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05722260-F990-465E-B966-C7DCD9BA93D9}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42261777 B
Java, Flash, Steam htmlcache => 1237 B
Windows/system/drivers => 7068786 B
Edge => 2580660 B
Chrome => 836867915 B
Firefox => 204602552 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 41636 B
NetworkService => 0 B
Lukáš => 38811385 B
khuti => 90048 B
Guest => 0 B

RecycleBin => 27642915 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:43:40 ====