Prosím o kontrolu logu. McAfee stále hlásí virus Artemis anebo podezřelý program.
LOg:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by user (administrator) on HP (27-09-2015 12:15:59)
Running from E:\
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Users\user\AppData\Local\156D1338-CF63-4512-9E23-1829882A5BD\156D1338-CF63-4512-9E23-1829882A5BD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-08-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-07-12]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk [2015-07-10]
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{826c5206-726f-4c62-931a-9ae2552671d9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9594eb7c-ebfe-4578-8b15-ff6424382f10}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {7569F2ED-27BC-4F80-BD21-EFE94AFEC867} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {7569F2ED-27BC-4F80-BD21-EFE94AFEC867} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2268506852-1458261059-3197517214-1001 -> {7569F2ED-27BC-4F80-BD21-EFE94AFEC867} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1440515700148
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qrpf819s.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2015-08-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2015-08-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qrpf819s.default\Extensions\iobitascsurfingprotection@iobit.com [2015-09-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-03]
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-03]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-03]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-03]
CHR Extension: (Tabulky Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-03]
CHR Extension: (Peněženka Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-03]
Opera:
=======
OPR Extension: (flaviobayer) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-07-21]
OPR Extension: (No Name) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-09-01]
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-26]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
U2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-08-24] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [243752 2015-08-25] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2015-04-08] (Intel Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-06] (REALiX(tm))
S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-07-10] (Intel(R) Corporation)
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2015-08-03] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2015-07-06] ()
R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-16] (Intel(R) Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-24] (Realtek )
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-08-03] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-08-24] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-01-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-09-16] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2015-07-06] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2015-04-08] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2015-09-01] (wisecleaner.com)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-27 12:15 - 2015-09-27 12:16 - 00000000 ____D C:\FRST
2015-09-27 12:14 - 2015-09-27 12:14 - 00016148 _____ C:\WINDOWS\system32\HP_user_HistoryPrediction.bin
2015-09-27 09:46 - 2015-09-27 09:46 - 00004268 _____ C:\WINDOWS\System32\Tasks\156D1338-CF63-4512-9E23-1829882A5BD
2015-09-27 09:46 - 2015-09-27 09:46 - 00000000 ____D C:\Users\user\AppData\Local\156D1338-CF63-4512-9E23-1829882A5BD
2015-09-27 09:44 - 2015-09-27 11:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Seznam.cz
2015-09-27 09:44 - 2015-09-27 09:47 - 00000282 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_user.job
2015-09-26 16:26 - 2015-09-27 12:13 - 00000423 _____ C:\WINDOWS\setupact.log
2015-09-26 16:26 - 2015-09-27 12:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 16:26 - 2015-09-26 16:26 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-26 16:25 - 2015-09-26 16:26 - 00356216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-26 16:25 - 2015-09-26 16:25 - 00006580 _____ C:\WINDOWS\PFRO.log
2015-09-22 20:52 - 2015-09-15 18:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-22 20:52 - 2015-09-15 18:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 19:35 - 2015-09-20 19:35 - 00002366 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-17 20:04 - 2015-09-17 20:04 - 00003928 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1409756690
2015-09-17 20:04 - 2015-09-17 20:04 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-16 19:09 - 2015-09-16 19:09 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-09-16 19:09 - 2015-09-16 19:09 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-09-16 19:07 - 2015-09-16 19:07 - 00041464 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\MBI.sys
2015-09-12 12:34 - 2015-09-12 12:40 - 00001169 _____ C:\Users\user\Desktop\lexicon02.lnk
2015-09-12 08:30 - 2015-07-09 20:39 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2015-09-12 08:30 - 2015-07-09 20:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2015-09-12 08:30 - 2015-07-09 20:28 - 06358016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2015-09-12 08:30 - 2015-07-09 20:25 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2015-09-12 08:30 - 2015-07-09 20:25 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2015-09-12 08:29 - 2015-09-12 08:29 - 00001058 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Volitelné funkce.lnk
2015-09-12 07:59 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-12 07:59 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-12 07:59 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-12 07:59 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-12 07:59 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-12 07:59 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-12 07:59 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-12 07:59 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-12 07:59 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-12 07:59 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-12 07:59 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-12 07:59 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-12 07:59 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-12 07:59 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-12 07:59 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-12 07:59 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-12 07:59 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-12 07:59 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-12 07:59 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-12 07:59 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-12 07:59 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-12 07:59 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-12 07:59 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-12 07:59 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-12 07:59 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-12 07:59 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-12 07:59 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-12 07:59 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-12 07:59 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-12 07:59 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-12 07:59 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-12 07:59 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 16:30 - 2015-09-08 16:30 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\091149B9.sys
2015-09-06 09:46 - 2015-09-06 09:46 - 00000000 ____D C:\Users\user\AppData\Local\GHISLER
2015-09-06 09:44 - 2015-09-06 09:44 - 00001046 _____ C:\Users\user\Desktop\TOTALCMD.lnk
2015-09-06 09:44 - 2015-09-06 09:44 - 00000000 ____D C:\Users\user\AppData\Roaming\GHISLER
2015-09-06 09:32 - 2015-09-06 09:32 - 00003262 _____ C:\WINDOWS\System32\Tasks\{7F182127-060F-45FF-B0F6-B1DA50778745}
2015-09-02 19:11 - 2015-09-02 19:11 - 00001262 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-09-02 19:11 - 2015-09-02 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-09-02 19:11 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\SysWOW64\IObitSmartDefragExtension.dll
2015-09-02 19:11 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-09-02 19:11 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2015-09-02 19:11 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-09-02 19:09 - 2015-09-16 19:10 - 00002234 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-09-02 19:09 - 2015-09-02 19:09 - 00003334 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scan
2015-09-02 19:09 - 2015-09-02 19:09 - 00003282 _____ C:\WINDOWS\System32\Tasks\Driver Booster Update
2015-09-02 19:09 - 2015-09-02 19:09 - 00003074 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (user)
2015-09-02 16:37 - 2015-09-26 18:04 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-02 16:37 - 2015-09-02 16:37 - 00004010 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-02 16:27 - 2015-09-02 16:27 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\5F2E7228.sys
2015-09-01 22:04 - 2015-09-22 20:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2015-09-01 21:59 - 2015-09-01 21:59 - 00014800 _____ (wisecleaner.com) C:\WINDOWS\WiseHDInfo64.dll
2015-09-01 21:53 - 2015-09-01 21:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Wise Registry Cleaner
2015-09-01 21:09 - 2015-09-01 21:09 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-01 21:03 - 2015-09-06 09:05 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-01 20:43 - 2015-09-01 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 19:58 - 2015-09-01 20:21 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-31 13:27 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-31 13:27 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-31 13:27 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-31 13:27 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-31 13:27 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-31 13:27 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-31 13:27 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-31 13:27 - 2015-08-20 07:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-31 13:27 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-31 13:27 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-31 13:27 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-31 13:27 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-31 13:27 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-31 13:27 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-31 13:27 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-31 13:27 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-31 13:27 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-31 13:27 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-31 13:27 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-31 13:27 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-31 13:27 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-31 13:27 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-31 13:27 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-31 13:27 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-31 13:27 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-31 13:27 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-31 13:27 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-31 13:27 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-31 13:27 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-31 13:27 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-31 13:27 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-31 13:27 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-31 13:27 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-31 13:27 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-31 13:27 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-31 13:27 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-31 13:27 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-31 13:27 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-31 13:27 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-31 13:27 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-31 13:27 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-31 13:27 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-31 11:56 - 2015-08-31 11:56 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-08-31 11:56 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-27 12:13 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-27 12:13 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-27 12:13 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-27 11:52 - 2015-08-03 12:03 - 01857646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-27 11:52 - 2015-07-10 18:02 - 00770566 _____ C:\WINDOWS\system32\perfh005.dat
2015-09-27 11:52 - 2015-07-10 18:02 - 00171800 _____ C:\WINDOWS\system32\perfc005.dat
2015-09-27 11:31 - 2014-09-02 16:36 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B257AF66-1B3F-46AA-B1E7-C80BBB32631E}
2015-09-27 11:15 - 2014-03-22 14:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-27 11:14 - 2015-08-03 12:18 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-09-27 11:14 - 2014-07-12 20:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-09-27 11:13 - 2014-07-12 20:01 - 00000000 ____D C:\ProgramData\CyberLink
2015-09-27 11:10 - 2014-03-22 14:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-09-27 08:35 - 2014-09-03 17:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-25 19:20 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-25 17:34 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-25 14:42 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-24 19:11 - 2015-07-21 19:11 - 00000334 _____ C:\WINDOWS\Tasks\HPCeeScheduleForuser.job
2015-09-24 19:09 - 2014-09-01 13:09 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2015-09-23 21:09 - 2015-07-06 21:32 - 00000000 ____D C:\ProgramData\ProductData
2015-09-23 19:42 - 2014-12-09 17:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 20:27 - 2015-04-25 08:57 - 00000000 ____D C:\Users\user\OneDrive
2015-09-17 10:31 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-12 12:47 - 2014-09-01 13:09 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2015-09-12 12:36 - 2015-03-03 19:56 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-09-12 11:54 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 11:54 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-12 08:30 - 2015-07-10 18:03 - 00000000 ____D C:\WINDOWS\OCR
2015-09-12 08:01 - 2014-09-03 16:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 17:04 - 2015-07-06 21:29 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-08 17:02 - 2015-07-06 21:30 - 00000000 ____D C:\Users\user\AppData\Roaming\IObit
2015-09-08 16:56 - 2015-07-20 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bi-LINK Gateway
2015-09-08 16:56 - 2015-07-07 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Numera.Gateway
2015-09-04 16:23 - 2015-08-03 12:31 - 00000000 ____D C:\Users\user\AppData\Local\Comms
2015-09-02 19:55 - 2015-08-03 12:57 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-02 19:46 - 2015-07-06 21:32 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-09-02 19:09 - 2015-07-06 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-09-02 19:09 - 2015-07-06 21:29 - 00000000 ____D C:\ProgramData\IObit
2015-09-02 16:39 - 2014-11-28 11:20 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-09-01 22:11 - 2014-07-12 20:04 - 00000000 ____D C:\Users\Public\CyberLink
2015-08-31 18:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
==================== Files in the root of some directories =======
2014-07-14 14:59 - 2014-07-14 14:59 - 0010205 _____ () C:\ProgramData\regid.2013-05.com.numera_8387D7E1-EBC1-4947-8CEB-274608BDADDA.swidtag
2014-11-19 09:57 - 2014-11-19 09:57 - 0010205 _____ () C:\ProgramData\regid.2013-05.com.numera_91AF1DFA-D414-47AC-8961-F8FE5CBA435C.swidtag
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\4672.exe
C:\Users\user\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-20 20:39
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
WIN10 - Artemis
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
letadloaero
- Návštěvník
- Příspěvky: 17
- Registrován: 21 čer 2011 05:45
WIN10 - Artemis
- Přílohy
-
- Addition.zip
- (9.27 KiB) Staženo 40 x
-
Rudy
- Site Admin
- Příspěvky: 119356
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: WIN10 - Artemis
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
letadloaero
- Návštěvník
- Příspěvky: 17
- Registrován: 21 čer 2011 05:45
Re: WIN10 - Artemis
JO, díky. McAfee už mlčí, ale pro jistotu.
LogS2
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\productdata
Folder Found : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Folder Found : C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
Folder Found : C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
Folder Found : C:\users\user\AppData\Roaming\productdata
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : amiupdaterExd
Task Found : amiupdaterExi
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\CrossBrowser
Key Found : HKCU\Software\YorkNewCin
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\CrossBrowser
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Log C2
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\productdata
[-] Folder Deleted : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[-] Folder Deleted : C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
[-] Folder Deleted : C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
[-] Folder Deleted : C:\users\user\AppData\Roaming\productdata
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\Software\AppDataLow\Software\Crossrider
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2649 bytes] ##########
LogS2
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\productdata
Folder Found : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Folder Found : C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
Folder Found : C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
Folder Found : C:\users\user\AppData\Roaming\productdata
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : amiupdaterExd
Task Found : amiupdaterExi
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\CrossBrowser
Key Found : HKCU\Software\YorkNewCin
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\CrossBrowser
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Log C2
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\productdata
[-] Folder Deleted : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[-] Folder Deleted : C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
[-] Folder Deleted : C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
[-] Folder Deleted : C:\users\user\AppData\Roaming\productdata
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\S-1-5-21-2268506852-1458261059-3197517214-1001\Software\AppDataLow\Software\Crossrider
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2649 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119356
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: WIN10 - Artemis
Ještě musíme dočistit. Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?